user defined functions and calls
declaration | calls
$a
$str
AbstractEvent
Animal::__clone
Animal::__construct
Animal::css
72
Animal::currentuser
152,202,565,21,68,101,232,10,396,875,1017,1359,26,7,80,478,529,731,782
Animal::currenuserid
153,24,19,41,241,395,23,87,536,21,470,19
Animal::getboltok
Animal::getbuilder
Animal::getcache
1572,1749
Animal::getcss
Animal::getdb
111,119,128,150,235,391,545,572,581,657,726,753,776,31,46,144,260,320,335,459,517,590,639,678,811,861,912,1029,1180,1216,1367,1456,1589,1746,3405,3462,3479,3854,3966,198,262,435,550,647,767,817,968,1080,1362,1399,1443,1585,1620,1670,1780,1807,1875,1912,1986,2145,2298,2421,2515,2681,2743,2872,2899,245,424,642,839,902,1194,1270,1376,1602,1630,1678,1805,1911,2166,2242,2429,2472,2559,2649,2671,123,179,352,682,889,982,1083,12,39,52,87,124,163,193,205,211,230,244,259,22,14,5,5,12,5,88,49,414,514,595,1419,5,344,3,2706,3952,7,5,5,112,440,913,1304,5,3,488,3,6,12,497,27,933,987,1078,1215,1328,1403,1520,1590,1660,1728,2133,2310,2392,2475,2564,2653,2741,3398,3916,3974,4198,4345,4414,4913,4971,5063,5156,5404,5460,5712,5744,5779,5851,5885,5926,5954,5982,447,5,6,1731,1758,5,3,7,9,488,5,372,421,540,590,616,642,6,6,3,5,1033,1108,3,63,5,19,5,334,588,629,3,7,5,6,3,5,6
Animal::getevent
5,599,6
Animal::getfile
15
Animal::getform
14,12,6,40,11,112,231,6,474,556,6,78,303,362,5,146,6,6,7,10,111,518,639,980,1073,76,281,322,4,5,32,286,419,84,289,331,28,270,99,392,465,5,899,909,1356,1699,1816,1825,9,11,76,281,322,6,98,169,7,5,545,556,7,7,78,279,359,4,5,1197,6,5,17,5
Animal::gethandlerpath
Animal::getinstance
Animal::getjs
438
Animal::getmail
988
Animal::getmsg
13,13,7,7,13,7,7,36,35,38,52,4,7,5,7,29,6,30,76,33,36,50,7,34,13,41,44,6,22,27,39,42,45,58,271,934,989,1150,11,40,43,57,73,7,55,490,6,6,32,8,10,33,36,50,7,33,8,108,151,7,5,25,51,6,61,4,6,6,32,35,38,52,5,6,7,28,7,34,50,52,6,7
Animal::getnavigation
Animal::getparser
260,268,276,284,1747,3394,199,263,818,1081,2900,1631,15,228,17,8,14,64,128,8,8,149,189,11,5,8,2707,8,21,37,66,189,77,422,541,91,145,8,712,66,101
Animal::getpdf
16,75,87,1097
Animal::getregistry
Animal::getrender
16,6,513,515,29,133,289,494,6,13,131,267,466,33,5,139,275,475,10,154,378,750,1428,1693,5,131,267,466,12,1031,18,133,265,576,16
Animal::getroute
Animal::getsingleton
Animal::gettelepek
525,2910,1932,219,520,601,468
Animal::gettelepikoltseg
3023,1157,8
Animal::isknowhandler
Animal::js
642,10,5,6,1163,1373,73,1888,82,63,64,334,278,8,30,30,31,16,14
Animal::setregistry
Animal::userisloggedin
ComposerAutoloaderInit8d92bd38093a46219d7c5a7c777799e8::getloader
7
ComposerAutoloaderInit8d92bd38093a46219d7c5a7c777799e8::loadclassloader
DanAvlBase::getdb
DanAvlCommunicator::__construct
DanAvlDatabase::__construct
DanAvlJob::__construct
DanAvlTaskAbortionAbnormalLitter::validate
DanAvlTaskBase::__construct
DanAvlTaskBoarEntryInHerd::validate
DanAvlTaskBreedingAnimalDeparture::validate
DanAvlTaskChangeBoarName::validate
DanAvlTaskChangeSowName::validate
DanAvlTaskCreateYoungAnimal::validate
DanAvlTaskDeleteBoarEntryInHerd::validate
DanAvlTaskDeleteBreedingAnimalDeparture::validate
DanAvlTaskDeleteFarrowing::validate
DanAvlTaskDeleteMating::validate
DanAvlTaskDeleteSowEntryInHerd::validate
DanAvlTaskDeleteYoungAnimal::validate
DanAvlTaskDeleteYoungAnimalDeparture::validate
DanAvlTaskDeleteYoungAnimalEntryInHerd::validate
DanAvlTaskFarrowing::validate
DanAvlTaskFarrowingWithNumbersOfEachGenderInTheLitter::validate
DanAvlTaskMating::validate
DanAvlTaskMatingWithSemenCollectionDate::validate
DanAvlTaskSowEntryInHerd::validate
DanAvlTaskYoungAnimalDeparture::validate
DanAvlTaskYoungAnimalEntryInHerd::validate
DashboardController::__construct
User::__construct
User::authenticate
149,188
User::data
User::generatecredentials
User::issuperadmin
User::loggedin
User::login
User::loginapikey
User::logout
User::modifycredentials
User::newcredentials
155
User::password_generate
84
User::set_activity
User::set_default_state
225,265,24
User::useravailable
235,77,108
__construct
_elm
_hypor_batch_get_local_tattoos
4330
_hypor_batch_get_tattoos
1312
_hypor_batch_process_import_collect_events
1340
_hypor_batch_process_import_processing_culling
_hypor_batch_process_import_processing_farrowing
_hypor_batch_process_import_processing_incubator_in
_hypor_batch_process_import_processing_incubator_out
_hypor_batch_process_import_processing_individual_details
1533
_hypor_batch_process_import_processing_mating
_hypor_batch_process_import_processing_mortality
_hypor_batch_process_import_processing_move_to
_hypor_batch_process_import_processing_move_to_farrowing
_hypor_batch_process_import_processing_removal
_hypor_batch_process_import_processing_remove_individual
_hypor_batch_process_import_processing_supply
_hypor_batch_process_import_processing_tattooing
_hypor_batch_process_import_processing_tattooing_piglets
2930
_hypor_batch_process_import_processing_ultrasound
_hypor_batch_process_import_processing_weaning
_hypor_batch_process_import_repaire_sow_product_details
1673
_hypor_batch_process_import_step_piglet_details
1603
_hypor_batch_process_sync_prepare_package_with_header
1113
_hypor_batch_process_sync_processing_tattoo
4361
_hypor_deduce_father_tattoo
5552,5358
_hypor_get_hypor_product_destination_by_name
5288
_hypor_get_line_by_name
4048,5267
_hypor_get_sow
2248,2342,2424,2507,2596,2685,2786,3414,3558
_hypor_get_sow_product
5781,2078,2160,2216,2222,2320,2402,2485,2574,2663,2751,3408,3538,3682,3765,3827
_hypor_get_sow_product_create
5144
_hypor_get_sperm
2258
_hypor_load_event
2092,2178,2232,2326,2408,2491,2580,2669,2771,2808,2851,2889,3164,3202,3341,3544,3690,3773,3835
_hypor_load_event_by_details
5815,5823
_hypor_load_event_by_key
5819
_hypor_update_sow_product_details
3902,4305,5392
_mt
2107,2108,2109,2110,2112,2114,2115,2116,2117,2119,2120,2121,2122,2124,2126,2127,2129,2130,2263,2264,2265,2267,2269,2270,2271,2273,2274,2275,2277,2279,2280,2282,2283
afz_ev_het_add_week
afz_get_atlagarak
afz_get_table
akt_tojo_szam
1647
allomany_actualize_bol
allomany_actualize_dt
804
allomany_actualize_lan_from_dt
allomany_actualize_tny_bol_from_dt
allomany_actualize_tny_ist_from_dt
allomany_actualize_tny_lan_from_dt
allomany_betegbox_actualize_dt
alomgenerator
array_avg_key
4223,3974,1084
array_collect_values_by_key
array_column_sort
3259,1084,2149
array_concat_key
array_count_key
array_diff_assoc_recursive
129
array_key_last
1045,1095
array_sort_by_column
array_sum_key
4128,4220,4221,4223,408,409,410,879,890,891,892,1253,1254,1255,3289,3290,3293,3294,3331,3332,3337,3340,3683,3694,3695,3696,3704,3718,3719,3721,3747,508,517,519,520,523,850,858,860,861,864,955,1057,1208,1209,1245,1272,1300,1319,1007,1008,1925,1926,1927,1928,1929,1930,2105,2106,2107,2108,2109,2110,2202,2203,2204,2205,2206,2207,2208,2245,2246,2319,2320,2321,2322,2323,2324,2325,2326,2349,2350,2351,2353,2354,2355,2361,2362,2363,2568,2569,2570,2575,2576,2577,2578,2580,2581,2585,2586,2587,2595,2596,2657,2658,2659,2660,2661,2662,2663,2782,2783,2784,2785,2787,2880,2881,2882,2883,2884,2885,2945,2946,2947,2948,2949,2950,3010,3011,3012,3013,3014,3015,3092,3097,3098,3099,3191,3196,3351,2937,2940,3466,3469,927,928,1072,1073,1079,1080,1081,1082,1083,1193,1598,1759,1760,1806
array_szoras_key
array_wavg_key
4032,4130,4132,4134,4136,4138,4140,4142,4144,177,247,369,386,407,539,540,877,883,1216,1233,1252,3194,3221,3222,3223,3287,3288,3291,3335,3336,3461,3665,3685,3686,3688,3689,3691,3692,3697,3702,3724,3727,3733,502,516,518,826,827,857,859,842,1931,1932,1933,1988,1989,2209,2210,2211,2212,2213,2243,2571,2572,2573,2588,2589,2590,2591,2597,2598,2608,2609,2611,2612,2664,2665,2666,2667,2786,2816,2817,2818,2819,3090,3091,3095,3096,3189,3190,3194,3195,1496,1600,1602,1604,1606,1608,1610,1612,1614,1642
authenticate
autoload
calculateindent
641
callapi
27,91,540
check_lan_koc_csoport
cleanoldunpairedtasks
composerrequire8d92bd38093a46219d7c5a7c777799e8
56
convert_to_bytes
count
475,1648,2066,2067,3557,3726,3728,3814,721,754,800,918,929,942,1152,1259,1364,2260,2266,2280,2289,2299,2308,2318,2327,2356,2365,2376,2386,149,2316,2323,2330,40,474,500,511,663,537,93,602,646,1325,1994,2032,2044,46,1167,1212,1325,1378,1407,1469,1517,1560,1587,1630,1657,1700,3437,4342,4387,4435,4560,1733,54
datatablecols
date_get_year_quarter_details_by_date
datediff
1285,1634,3145,1015,1047,2533,270,297,1201,1286,1385,3673,3957,2801
datum_rdatumbol
1064,2387,3081,3179,322,864,1171,3104
defset
574,832,839,13,14,33,36,272,283,291,298,305,1299,1548,2513,2615,3036,3349,44,48,22,44,36,358,362,926,1736,1753,628,720,777,870,934,1096,1314,13,37,42,53,70,215,262,1979,2977,2999,3069,3128,3316,3337,3382,3507,3529,3589,3697,3718,3740,3762,3784,3814,152,160,168,189,196,279,666,743,832,841,982,1004,1143,1150,1201,1205,1273,203,219,284,352,74,129,207,238,530,557,575,623,641,708,726,858,885,903,943,966,81,245,1407,1529,1557,1699,1718
delete
218,228,951,972,1567,1601,1785,1215,1219,300,420,524,45,640,735,429,513,529,136,179,50,248,123,45,48,118,56,3502,55,206,282,37,48,267,131,240,117,50,100,516,587,769,840,50,79,636,769,795,43
division
424,454,456,457,489,728,732,738,773,779,789,949,953,961,997,1008,1009,1088,1648,1701,1702,1703,1707,1709,1711,1715,1719,1721,1722,1723,1880,1881,2036,2066,2067,2182,2183,2247,2332,2333,2334,2360,2482,2483,2490,2491,2508,2552,2553,2558,2559,2561,2593,2602,2603,2604,2605,2606,2652,2653,2735,2776,2779,2795,2796,3152,3153,3154,3155,3211,3212,3222,3223,3237,3238,3248,3249,3259,3260,3271,3272,3282,3283,3293,3294,3330,3331,3341,3342,3352,3353,3357,3358,3446,3517,3582,3797,4174,4177,4222,4228,184,385,387,417,492,534,884,1232,1234,1862,3108,3191,3225,3254,3329,3333,3338,3457,3565,3611,3681,3687,3700,3701,3708,3726,3730,3734,3748,3771,3897,3899,356,398,802,803,804,805,806,807,808,817,1172,1173,1176,1177,488,496,497,499,511,815,833,844,845,847,852,1212,1223,1242,1266,1268,3264,3265,3270,3271,3279,3280,911,928,929,1072,1079,1080,1081,1082,1083,1135,1190,1197,1748,1760,1761,1767,1292,1393,1484,1575,1645,1715,2886,3199,3262,3265,3268,3350,3587,3590,3593,4402,4571
dt_to_csop
ellenorzes
543
elszamoloar
explodeemailstr
1155,85
file_chmod
27,35
file_mkdir
26
file_prepare_directory
4460
fix_session_register
39
fordset
gen_ren_szam
gencimkek
68
generatecredentials
70,37
genetikaselect
get_actual_versions
38
get_arr_mams
get_bolt_by_az
get_create_password_table
57
get_csoportkoltseg
733
get_date_n_cut
get_date_n_short
get_dayname_by_dt
get_eloallat_ertekeles
get_filename
337,383
get_gykezeles_mod
get_gykezeles_tipus
get_heti_atlagarak
589
get_highchart_as_base64_image
get_hmd_arr
203,938,1040
get_hmd_arr_m
151
get_hmd_arr_m0
get_hmd_arr_m1
get_istallo_adat2dt
1003,1020,1052
get_istallo_atlagos_letszam
get_koca_allapot_dt
get_kocaertek
get_kocakoltseg
get_latest_version
9
get_monday_of_week_by_date
get_nterv_db_2_kel_bol_dt
get_permission_items
2821
get_previous_updates_table
43
get_previous_versions
219
get_rnd_by_az
4027,1491
get_scheduler_form
48
get_sunday_of_week_by_date
get_sys_var
803,987,2475,3968,635,1490,3257,20,30,52,204,205,223,224,848,854,904,908,1979,621,636,679,680,297,688,691,694,697,700,708,711,714,717,720,728,731,734,737,740,749,752,755,758,761,770,773,776,779,782,790,793,796,799,802,811,814,817,820,823,831,834,837,840,843,851,854,857,860,863,871,874,877,880,883,891,894,897,900,903,911,914,917,920,923,932,935,938,941,944,952,955,958,961,964,972,975,978,981,984,992,995,998,1001,1004,1012,1015,1018,1021,1024,1032,1035,1038,1041,1044,1052,1055,1058,1061,1064,1072,1095,1162,1175,1208,1223,1231,1261,1281,1313,1321,1329,1339,1348,1369,1402,1415,1442,1453,1454,1456,1457,1459,1460,1462,1463,1559,1637,1673,1806,1814,1832,1875,1877,1886,1923,1965,1973,2007,2015,2023,2031,2086,2095,2104,2113,2122,2148,2197,91,125,160,191,234,541,62,402,462,340,273,1154,5328,963,994,702,709,906,915,76,250,694,1666,582,204,255
get_telepi_atlagsuly
get_terv_db_2_novendek_rnd_az
get_toolbar_items
get_user_settings
2764,2817,1069,978,261,310
getaction
getalaparlistaoptions
458,537
getanimalname
getarchivenumber
316,317
getarlistanev
50
getauthdata
getavailablepanelinstances
getavailablepanels
getbankhandler
getbatch
getbuilder
getcreated
480
getcss
getcurrency
getcustomid
773
getcycleid
getdanavl
getdanavlid
123,824
getdanavlindextable
getdata
getdata1
331,338,340,377,379
getdata2
344,346,377,380
getdata3
331,350,352
getdata4
356,358
getdata5
getdate
326,327,479,558,397,789,813,1218
getdb
getdefaultazonositoforstatusz
getdefaultfilterconfig
getdefaultvalues
getdokcategories
geteditform
60,68,83,60,62
geteidtags
getentity
getevent
getfilename
getfilesize
1283,1370,1461,1552,1622,1692,4379,4552
getfilterconfig
getfilters
getfilterwidgettelep
getfilterwidgetvisible
getfirstline
getherd
566,567,304,601
gethmihandler
gethotraco
gethypor
getid
121,343,509,35,834,889,932,2274,2278,2279,2283,2290,2305,2308,46,52,65,78,95,103,105,112,118,123,252,253,493,270,813,868,1206,1240,1254,1271,228,229,465,237,260,236,237,474,1114,1115,2114,2192,2291,2360,2372,2455,2534,2544,2623,2633,2721,2831,2873,2919,2929,2954,3022,3031,3043,3100,3186,3232,3330,3372,3431,3449,3460,3465,3472,3490,3501,3504,3508,3655,3738,3800,3883,3926,3932,3943,3947,3980,4007,4171,4229,4252,4272,4278,4282,4311,4592,4596,4600,5163,5169,5175,5180,5379,5385,5466,5782,5803,5840,5867,335,336,749,228,229,465,20,48,201,230,231,436,575,703
getindexes
getjob
810
getjobid
getjoblisttable
88
getjoblisttabledata
1074
getjoblisttablefilters
87
getjoblisttablefiltersform
1054
getjobstatus
getjobzipcontents
getjs
getkonyveleskodhandler
getlist
66,74,89,1767,66,68
getlistdata
200,208,267,1523,200,196,342
getlistfilters
122,130,145,122,124
getloader
getlot
getmicrotime
getname
434,231,417,407,5882,206,410,1854
getnumber
558
getoptionsgroups
getoptionstable
getoptionstype
getoptionsuser
getpanel
getpanelbasenames
getpanelconfig
getpdf
getprocesscode
getprocesslog
getproduct
824
getprofileids
48,1478
getprofitcenterhandler
getqr
getqrimg
973,15,1045
getquerybuilder
getrowfile
getsent
1230
getsequence
getsimetek
getsingleton
getspreadsheet
getstatuscode
59,847,850,572
getstatusmessage
getstore
gettable
gettablebacktrace
gettablecompare
gettablefilters
gettablefiltersform
gettablemain
gettaskcount
1240
gettasklisttable
16,40
gettasklisttabledata
641
gettasklisttablefilters
39
gettasklisttablefiltersform
620
gettasks
384,391
gettaskstosendtable
63
gettaskstosendtabledata
500,114
gettaskstosendtabledatadaaid
44
gettaskstosendtablefilters
58
gettaskstosendtablefiltersform
91
gettelepek
gettelepterv
gettkaname
gettype
getusage
getusercolor
getvalidator
getvalue
204,836,837,890,933,116,236,237,734,306,417,217,238,377,380,416,52,203,204,229,225,246,386,389,425,2536,2625,3926,3937,3949,3950,3951,3952,3953,3954,3955,3956,3957,3958,4026,4028,4030,4032,4446,4447,5551,344,699,217,238,377,380,416
getvalues
96,351,3250,3575,4282
getversion
53
getversionfiledate
getvevofilteroptions
getweekstartandend
greatestid
gyo_actualize_rnd_keszlet_2_rak_rnd_az
1607
gyo_actualize_rnd_keszlet_2_rnd_az
1656
gyo_get_rnd_from_raktar
gyo_get_ter_keszlet
gyo_put_rnd_back_to_raktar
1637
gyo_rkeszlet_ter_dt_actualize
1433
gyo_rkeszlet_ter_dt_actualize_element
1898,1426,1432
gyo_ter_from_raktar_array
1639
his_array_filter
225,226,659,660
his_get_tka_group_array
hmi_kategoriak
hmi_kategoriak_teljes
hmi_recalc_2_hmd_az
hmi_recalc_2_vsz_az
553
hmi_szetoszto
968,1069
hypor_batch_finished_callback
hypor_batch_process_import_collect
hypor_batch_process_import_individual_details
hypor_batch_process_import_processing
hypor_batch_process_import_processing_blup
hypor_batch_process_import_repaire_sow_product_details
hypor_batch_process_import_step_piglet_details
hypor_batch_process_import_worker
hypor_batch_process_init
hypor_batch_process_sync_collect
hypor_batch_process_sync_create_file
hypor_batch_process_sync_processing
hypor_get_import_download_submit
29
hypor_get_import_send_submit
1157,33
hypor_get_import_table_form
42
hypor_get_import_table_form_submit
17
hypor_get_import_table_form_validate
14
hypor_get_import_update_submit
25
hypor_get_options_lan
473
hypor_get_options_packages
411
hypor_get_options_users
442
hypor_get_previous_packages_table
47
hypor_set_resolution
1437
hyporregister
insert
194,215,391,776,665,683,704,721,733,957,1323,1575,1652,2777,513,555,597,1254,1345,1357,1593,1793,1851,1862,2511,2533,2599,2605,1330,1341,42,211,389,469,597,132,646,726,741,148,443,502,536,639,129,168,172,99,295,303,331,345,380,175,112,155,14,107,146,3042,3099,5384,5728,5760,5909,8,195,271,390,434,471,515,523,98,6,124,223,264,137,138,222,256,341,178,223,287,107,146,112,457,505,566,706,758,819,43,69,99,130,138,599,643,775,802,116,98,94,54
isapppermission
isbetween
isdefaulttnyazonosito
isnotnull
isnotzero
78,53
istallo_getlabel
1118
istallo_printlabels
iszero
90,106,2029,2058,3509,3576,4206,1645,1439,2980,2986,4052,4056,4090,4102,4122,4126,4130,4134,4138,4158,4162,5512,5516,5544,5564,5604,5612,5616,5620,5624,5688,5692
jog_level
1433
jogosult
1343,1457
jogszint
23,43,51,1044,19
lekerdezes_jelentesek_get_average_piglet_number
lekerdezes_jelentesek_get_data
lekerdezes_jelentesek_get_filter_widgets
lekerdezes_jelentesek_get_table_all
lekerdezes_jelentesek_get_table_filters
lekerdezes_jelentesek_get_table_livestock
lekerdezes_jelentesek_get_table_sow
lekerdezes_jelentesek_get_table_sow_other
lekerdezes_jelentesek_get_table_swine
lekerdezes_jelentesek_parse_input_vars
listener_update_tth_onkoltseg_kilo
14
load
324
loadbytenyeszallat
loadbyteraz
loadclassloader
loadentityclass
loadpendingtasks
loadtasks
loggol
49,394,416,424,456,475,520,528,592,602,614,623,634,33,40,45,50,105,138,549,556,561,566,662,754,231,475,508,519,665,33,149,189,34,72,105,102,109,114,119,244,382,26,33,38,43,143,181,26,34,39,44,87,118,129,162,20,41,49,77,31,77,113,124,151,14,26,36,52,59,64,69,201,212,277,288,294,356,368,397,462,476,29,71,105,11,33,41,69,30,92,132,149,161,171,181,266,43,114,145,22,91,145,58,138,180,199,229,262,273,348,28,45,26,32,37,42,126,231,29,69,113,123,151,471,511,522,572,594,712,764,775,825,847,867,875,883,891,141,568,659,758,791,830,838,845,852,26,89,122,31,66,101,29,69,100
login
loginapikey
logout
makejobzip
mi_array_diff
658,750,224,658,655,754,787
mi_json_decode
mi_json_decode_elements
3647,3637
mi_json_encode
56,40,113,156,555
mi_json_encode_elements
3623,3613
modifycredentials
23
multiplication
126,127,454,477,478,482,656,726,728,732,738,773,779,789,949,953,961,1088,1719,1721,1722,1723,2063,2065,2068,2069,2073,2074,2231,2237,2247,2506,2507,2545,2555,2556,2748,2749,2750,2791,2801,2802,3155,3197,3209,3210,3211,3212,3220,3221,3222,3223,3233,3234,3237,3238,3246,3247,3248,3249,3257,3258,3259,3260,3269,3270,3271,3272,3280,3281,3282,3283,3291,3292,3293,3294,3328,3329,3330,3331,3341,3342,3437,3438,3507,3797,4175,4178,4213,4223,181,343,350,385,401,403,635,887,1183,1190,1232,1248,1249,3152,3192,3217,3242,3243,3251,3302,3393,3394,3395,3396,3628,3640,3644,3678,3679,3687,3709,3712,3718,3719,3721,3730,3731,3776,3777,3900,356,848,854,886,904,908,1123,1124,1172,406,489,495,511,740,816,834,843,852,869,955,1057,1229,1230,1231,1232,1233,1234,1243,1268,1271,1308,1312,2932,3461,1076,1197,1638,2886,3199,3262,3265,3268,3272,3273,3302,3350,3587,3590,3593,3597,3598,3627
newcredentials
parse_csv_file
parseinputvars
450,923,1314,478,487,439,478,100,374,326
postcurl
postupdate
pre
60
raktar_mod_actualize
raw
750,775,1039,1066,1070,1796,1815,39,380,3964
rchmod
1835
rdatum_datumbol
290,847,910,1135,1274,1412,1516,1545,2360,2467,2993,3376,3522,2916,3445
recalc_hmd
redirect
reg_clone
replace_accents
req_set_jog_szint
525
responsehandler
responsehandlersetstatus
run
save
499,41,60,80,101,113,32,30,32,37,236,258,36,2090,2111,2116,2194,2293,2355,2370,2374,2457,2526,2542,2546,2615,2631,2635,2723,2833,2875,2921,3188,3234,3332,3374,3458,3474,3499,3657,3740,3802,3885,3960,4184,4297,4313,5371,5700,37,71,24,30,28,64,68,32,93,260,702,865,873,881,889
save_user_settings
30,363
savefilterconfig
select
82,105,132,330,102,128,165,178,237,545,581,657,726,753,33,54,81,184,204,283,362,93,264,336,460,533,617,643,686,1049,1189,1256,1310,1323,1336,1378,1492,1600,1757,2685,2704,2717,2744,2757,3038,3044,3054,3060,3104,3117,3125,3135,3157,3167,3463,3858,4007,4154,4191,206,296,485,527,554,657,672,693,711,723,790,823,851,912,994,1098,1134,1273,1370,1401,1447,1462,1514,1529,1587,1622,1694,1735,1782,2052,2192,2317,2326,2334,2351,2370,2384,2426,2437,2445,2459,2476,2488,2540,2588,2711,2882,431,453,471,534,576,679,714,735,785,882,912,922,933,961,1089,1113,1145,1393,1432,1471,1503,1535,1558,1604,1607,1610,1633,1683,1699,1741,1755,1807,1814,2115,2196,2273,2282,2292,2301,2311,2320,2330,2340,2349,2358,2368,2378,2452,2613,394,724,891,929,984,1029,1154,1158,193,645,658,688,698,1059,427,531,1207,1280,1385,1439,1593,1608,1623,1692,1718,1762,1787,1925,2353,2412,2471,116,187,194,213,426,674,814,829,919,1062,1126,1137,1175,1278,1351,1385,44,90,270,285,313,349,409,423,435,454,487,560,731,882,906,985,1099,1154,1210,49,414,479,530,1246,1363,1382,1423,54,62,74,229,249,329,401,344,83,140,3101,3178,3293,3617,3966,87,334,358,409,580,601,645,729,744,975,1333,1471,56,67,116,155,219,241,91,140,203,233,380,387,525,1325,39,95,52,90,283,414,488,358,92,130,168,281,294,346,291,423,497,30,345,415,446,477,508,942,1007,1123,1753,1774,1795,1816,1837,1858,1886,1908,2024,2935,2965,2989,3003,3016,3025,3425,4201,4996,5031,5087,5110,5932,5960,5988,394,447,628,667,49,13,24,176,251,303,403,505,539,570,629,700,740,748,943,970,985,1033,1082,1129,1181,1403,1542,1626,1709,1732,1758,1853,1880,1919,82,122,44,82,283,414,488,150,48,120,131,142,402,598,624,650,134,209,229,247,298,458,510,523,537,23,121,166,294,362,103,202,552,563,42,69,88,143,205,235,288,304,405,478,573,718,733,928,1033,1108,13,84,192,319,338,464,607,824,26,87,130,182,246,293,281,334,439,527,602,485,535,551,738,788,804,934,954,1013,1020,1029,1156,1329,1352,1375,1499,1511,1535,1585,1606,1631,1721,1822,1828,1896,132,170,245,338,763,782,906,930,947,961,1123,1136
,1144,1190,1197,1221,1227,1241,1272,1286,1363,1376,1384,1418,1425,1446,1451,1460,1510,1517,1550,1564,1595,100,158,77,118,45,80,117,15,69
sendjob
set_activity
510
set_client_version
11
set_default_state
set_sys_var
636,55,58,75,76,80,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,113,114,115,116,117,119,120,121,122,123,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,213,215,216,217,218,219,220,221,222,223,224,226,227,229,231,232,235,236,249,257,265,277,285,289,290,292,293,303,336,343,344,345,346,347,348,349,350,352,353,355,356,359,363,366,367,368,372,373,374,375,376,11,15,19,23,27
setaction
setarchivenumber
setauthdata
setcreated
setcustomid
setcycleid
setdanavlid
setdata1
setdata2
setdata3
setdata4
setdata5
setdate
setevent
setfilename
setherd
setid
setjob
setname
setnumber
setprocesscode
setsent
214
setstatuscode
settempdir
settype
seturlparam
setvalue
79,112,31,36,2353,2354,3947,3949,3950,3951,3952,3953,3954,3955,3956,3957,3958,4043,4049,4053,4057,4061,4064,4067,4071,4075,4079,4083,4087,4091,4095,4099,4103,4107,4111,4115,4119,4123,4127,4131,4135,4139,4143,4147,4151,4155,4159,4163,4167,4172,4181,5495,5499,5503,5509,5513,5517,5521,5525,5529,5533,5537,5541,5545,5549,5553,5557,5561,5565,5569,5573,5577,5581,5585,5589,5593,5597,5601,5605,5609,5613,5617,5621,5625,5629,5633,5637,5641,5645,5649,5653,5657,5661,5665,5669,5673,5677,5681,5685,5689,5693,5697,70,64,68,864,872,880,888
setvalues
493,35,51,26,24,213,257,30,2086,2104,2359,2525,2533,2614,2622,3454,3463,3495,4284,5370,31,24,25,259,701
setversion
setzipfilename
shorten_text
929,741,742,506,1718,171,172,397,1011,1012
sorter
szamlazfexiumpinv
1931
szamlazfexiumsinv
1918
szamlazflexium
t
111
tenyeszcelselect
teregysegfix
timezone_get_default_timezone
376,12
timezone_get_timezones
63,1925
timezone_set_timezone
88
timezone_validate
31,41,299,602
tksg_2_lag
400
tksg_allomany
16,32
tksg_allomany_2_bol
3028,689
tksg_allomany_2_lag
217
tksg_allomany_2_lan
109
tksg_allomany_2_reg
tlp_bol_data
3397,4023,3519,3522,1487
tlp_bol_heti
tlp_cache_del_bol_data
tlp_get_elhullas_szazalek_2_nap
1082
tlp_get_fajlag_2_nap
tlp_get_gyarapodas_2_nap
3435,3436,393,397,1240,1244,3133,3231,3235,3674
tlp_get_ist_stat
tlp_get_napi_vizfogyasztas_2_nap
tlp_get_rot_data
tlp_get_tapfogyasztas_2_nap
837,890,4148,35
tlp_get_tapfogyasztas_ft_2_nap
tlp_get_telepikoltseg
tlp_get_terv_db
tlp_get_testtomeg_sor_2_nap
2019,378,382,882,1225,1229
tlp_get_testtomeg_tabla
720,762,819,870,938,988,1044,1110,1128,1146,2000
tlp_get_testtomeg_tabla_tap_atlagar
tlp_get_testtomeg_tabla_tap_osszes
tlp_get_tksg
1168
tlp_rot_malacszam
tny_csoport_allapot_modositas
9
tny_get_csoport_aktiv_kocak_szama
2775
tny_get_inkubator_kocak
tny_get_inkubator_kocasor
2694,2455
tny_get_inkubator_termek
2589
tny_gyo_rkeszlet_ter_dt_actualize
1668
tny_gyo_rkeszlet_ter_dt_actualize_element
1661,1667
tny_query_csoport_stat
tny_query_koca
1219,1234,1238,1242,1246,1307,1325,1329,1333,1337
tny_recount_alom
3478,3513
tojas_keszlet
tojas_keszlet_actualize
tostring
385,392
trim_fulszam
truncate
truncatehtml2
tth_calculate_data
38
unit2unit
1523,1552,1749,1770
unix_datumbol
44,45,99,100,51,52,117,118
unix_rdatumbol
1227,1284,1306,4028,794,795,1420,1421,1888,1997,1998,1999,2156,2157,2173,2175,3117,3122,3151,1492
update
185,40,1921,1934,2309,2399,2767,2400,2607,2705,2711,2735,2740,2758,2764,2779,2801,191,88,125,205,244,259,402,407,440,450,464,484,507,512,544,560,567,586,607,617,628,54,102,570,634,212,402,48,123,28,68,25,95,123,239,47,139,48,83,9,28,33,61,71,25,76,1440,3082,3087,3139,3144,18,30,73,171,246,352,364,23,66,19,24,53,63,24,88,143,155,165,175,194,37,110,37,78,52,125,176,192,22,39,46,123,23,65,562,697,714,857,40,86,25,65,23,66
useravailable
userisloggedin
validate
25,29,27,233,33,34,27,29
validateemails
602,688
validatepasswordcomplexity
96,581,587
varset
241,240,613,345
write_back_arr_hmr
204,939,1041
user input
type[parameter] | taints
$_COOKIE 54
$_FILES 54
$_FILES[custom_logo]307 ,315 ,322
$_FILES[dok_file]336 ,337 ,338 ,382 ,383 ,384
$_FILES[hypor_file]701
$_GET 54
$_GET[ajax]10 ,12 ,193 ,249 ,61 ,63 ,67
$_GET[ark_az]172
$_GET[funkcio]119
$_GET[nosession]63
$_POST 54 ,543 ,249 ,447 ,920 ,1311 ,194 ,250 ,47 ,19 ,591 ,686 ,29
$_POST[acs_aktiv]295
$_POST[action]21 ,25 ,24
$_POST[api_kotelezo_azonositok]58
$_POST[ark_az]200 ,201 ,255
$_POST[ark_is_default]227
$_POST[bol_cou_id]1271 ,1549
$_POST[bol_vep_az]1285 ,1563
$_POST[custom_logo_delete]296
$_POST[daa_status]399
$_POST[daj_id]75
$_POST[dat_daj_id]16 ,30
$_POST[dat_id]52
$_POST[do]15 ,28 ,45 ,74
$_POST[download]28
$_POST[dt_end]540 ,988 ,85 ,108 ,384 ,385 ,670 ,37 ,21
$_POST[dt_start]539 ,987 ,84 ,107 ,380 ,381 ,669 ,36 ,20
$_POST[email]233 ,35
$_POST[fel_beosztas]1373
$_POST[fel_mma_az]1381
$_POST[fel_szint]1362
$_POST[felvitel]9
$_POST[filename]890
$_POST[filepath]891
$_POST[filter_datum_tipus]528
$_POST[gyp_aktiv]287
$_POST[gyt_cou_id]1174 ,1384
$_POST[gyt_gyp_az]1061 ,1277
$_POST[hmk2ter]13 ,21
$_POST[hmk_del]37 ,38
$_POST[hmk_leiras]22
$_POST[hmk_nev]21 ,26 ,30
$_POST[hmk_sorrend]17 ,20
$_POST[hy_herdef_aktiv]284
$_POST[hypor_application_sender]14 ,15
$_POST[hypor_cron_active]18 ,19
$_POST[hypor_cron_day]22 ,23
$_POST[hypor_cron_email]26 ,27
$_POST[hypor_date_from]764
$_POST[hypor_fel_az]443 ,739 ,758
$_POST[hypor_gen_az]505 ,735 ,760
$_POST[hypor_import_mode]342 ,700 ,756
$_POST[hypor_import_package]412 ,731 ,757
$_POST[hypor_lan_az]474 ,743 ,759
$_POST[hypor_rows]718 ,727 ,793 ,796 ,798 ,816 ,819 ,821 ,843 ,846 ,848
$_POST[hypor_save_key]763
$_POST[hypor_sender_id]10 ,11
$_POST[hypor_tattoo]535 ,761
$_POST[hypor_tattoo_all]762
$_POST[icons]29
$_POST[is_purchase_]555
$_POST[is_purchase_new]481
$_POST[ldb_fel_az]140 ,396 ,397
$_POST[ldb_tabla]129 ,392 ,393
$_POST[ldb_tipus]118 ,388 ,389
$_POST[login]180 ,297 ,16 ,20 ,23 ,37
$_POST[new_password]23
$_POST[new_password_2]23
$_POST[nosession]63
$_POST[nyelvfrissites]58 ,59
$_POST[old_password]23
$_POST[package]142 ,889 ,936 ,944 ,34
$_POST[range]341 ,342
$_POST[run]13
$_POST[save]18
$_POST[send]32
$_POST[telepaz]337 ,338
$_POST[ter_acs_az]1497
$_POST[tth_fajlag_onkoltseg]29
$_POST[tth_hizlal_koltseg]27
$_POST[tth_onkoltseg]26
$_POST[type]888
$_POST[update]24
$_POST[user_id]26 ,30
$_POST[vep_aktiv]287
$_POST[visible_panels]346 ,347
$_REQUEST 16 ,26 ,24 ,30 ,31 ,11 ,24 ,23 ,25
$_REQUEST[acs_aktiv]491 ,492
$_REQUEST[acs_nev]21
$_REQUEST[action]13 ,14 ,18 ,138 ,34 ,11 ,12 ,16 ,136 ,11 ,12 ,16 ,144 ,14 ,15 ,19 ,159 ,846 ,11 ,12 ,16 ,136 ,35 ,11 ,12 ,16 ,138
$_REQUEST[aela]72 ,73 ,112 ,113 ,360
$_REQUEST[ajanlatok_download_pdf]74
$_REQUEST[ajanlatok_email_send]82
$_REQUEST[aktualis]506 ,511 ,537
$_REQUEST[alp]274 ,470 ,440 ,449 ,726 ,440 ,552
$_REQUEST[ark_az]56 ,57
$_REQUEST[bazis_ar_arfolyam_mod]627 ,740
$_REQUEST[bazis_ar_decimals]626 ,739
$_REQUEST[btn_qr_print_list]21
$_REQUEST[btt_del]338 ,340 ,341
$_REQUEST[chk_f2l]484 ,84
$_REQUEST[chk_lan2lag]89
$_REQUEST[chk_t2l]482 ,735
$_REQUEST[content]75 ,87
$_REQUEST[daa_cronjob_on]23
$_REQUEST[daa_status]443 ,444
$_REQUEST[date_e]22
$_REQUEST[date_s]21
$_REQUEST[do]26 ,72 ,86 ,132 ,25 ,34 ,17 ,18 ,34 ,15 ,23 ,10 ,11 ,23 ,116 ,160 ,551 ,559
$_REQUEST[do_bb]497 ,498 ,536
$_REQUEST[dok_az]301
$_REQUEST[dok_dkk_az]325 ,326 ,378
$_REQUEST[dok_file_del]330 ,331
$_REQUEST[dok_filter_dkk_az]1403
$_REQUEST[dok_leiras]321 ,322 ,377
$_REQUEST[dok_nev]299 ,300
$_REQUEST[elhullas_napok_szama]35
$_REQUEST[elhullas_szazalek]38
$_REQUEST[emails]85
$_REQUEST[entity_id]22 ,45 ,20 ,43 ,26 ,51 ,27 ,50 ,65 ,20 ,43 ,20 ,45
$_REQUEST[fazis_tap_$_USERINPUT]21
$_REQUEST[fel_az]51
$_REQUEST[filter_aktiv_e]867 ,868
$_REQUEST[filter_gen_az]509 ,510 ,512 ,765 ,766 ,768
$_REQUEST[filter_lan_az]82 ,22 ,430
$_REQUEST[filter_rot_az]501 ,502 ,504 ,757 ,758 ,760
$_REQUEST[filter_text]27
$_REQUEST[filter_tka_az]16
$_REQUEST[flex_cikkszam]207 ,614
$_REQUEST[funkcio]11
$_REQUEST[gkh_az]30 ,74 ,90 ,134
$_REQUEST[gkh_dt_ig]38
$_REQUEST[gkh_dt_tol]37
$_REQUEST[gkr_ertek]56
$_REQUEST[gkr_kotber_ertek_minimum]58
$_REQUEST[gkr_kotber_szazalek]57
$_REQUEST[gkr_mod]55
$_REQUEST[gkr_ora_ig]54
$_REQUEST[gkr_ora_tol]49
$_REQUEST[gyp_aktiv]482 ,483
$_REQUEST[gyt_az]29 ,73 ,89 ,133
$_REQUEST[gyt_kulso_kod]606 ,692
$_REQUEST[hmk_az]13
$_REQUEST[hotraco_key]251 ,695 ,1670
$_REQUEST[hy_herdef_aktiv]330
$_REQUEST[idokat_az]63
$_REQUEST[idokat_ejszakai]68
$_REQUEST[idokat_title]67
$_REQUEST[ist_telep_azonosito]13
$_REQUEST[kategoria]61
$_REQUEST[kulso_kod]593 ,708
$_REQUEST[lan_az]23
$_REQUEST[lan_profil_bitmask]123 ,124 ,128
$_REQUEST[ldb_az]16 ,24
$_REQUEST[mka]773 ,774
$_REQUEST[multisite_key]152 ,153
$_REQUEST[name]96
$_REQUEST[nevelesi_meres_rogzites]1565
$_REQUEST[novendek_ar]38
$_REQUEST[premium]66 ,95
$_REQUEST[premium_tipus]96
$_REQUEST[prg]274 ,470 ,440 ,449 ,726 ,440 ,552
$_REQUEST[save]28 ,26 ,32 ,44 ,22 ,33 ,26 ,28
$_REQUEST[suly_ig]92
$_REQUEST[suly_kat_ig]49
$_REQUEST[suly_kat_nev]47
$_REQUEST[suly_kat_tol]44 ,48
$_REQUEST[suly_kategoria]90
$_REQUEST[suly_szinh_ig]94
$_REQUEST[suly_szinh_tol]93
$_REQUEST[szinh_ig]63
$_REQUEST[szinh_suly_ig]65
$_REQUEST[szinh_suly_tol]64
$_REQUEST[tap_atlagar]38
$_REQUEST[tcs_az]548 ,801
$_REQUEST[telepi_ktsg_osszes_atlag]192
$_REQUEST[tka_az]1142
$_REQUEST[tth_az]35
$_REQUEST[tth_fazisok]20
$_REQUEST[vbol_az]24 ,161
$_REQUEST[vep_aktiv]482 ,483
$_REQUEST[vsz_az]39 ,40 ,122 ,162 ,553 ,560
$_SERVER[HTTP_HOST]22 ,86 ,534
$_SERVER[HTTP_USER_AGENT]109
$_SERVER[HTTP_X_REQUESTED_WITH]25 ,24 ,18
$_SERVER[REMOTE_ADDR]216
scanned files and includes
/product_destination.php
/help.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/bazis.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/class_user.inc.php
  • /var/www/drupalvm/dev.animalsoft.test/vendor/autoload.php
  • /var/www/drupalvm/dev.animalsoft.test/vendor/composer/autoload_real.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/config/config.inc.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/config/project-config.inc.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/Animal/Animal.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/Animal/includes/date.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/Animal/includes/timezone.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/Animal/includes/common.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/Animal/includes/file.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/Hypor/autoloader.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/autoloader.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/config.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlDatabase.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlBase.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlCommunicator.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlJob.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskInterface.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskBase.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskDeleteSowEntryInHerd.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskSowEntryInHerd.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskChangeSowName.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskDeleteBoarEntryInHerd.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskBoarEntryInHerd.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskChangeBoarName.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskDeleteBreedingAnimalDeparture.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskBreedingAnimalDeparture.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskDeleteMating.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskMating.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskMatingWithSemenCollectionDate.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskDeleteFarrowing.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskFarrowing.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskFarrowingWithNumbersOfEachGenderInTheLitter.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskAbortionAbnormalLitter.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskDeleteYoungAnimal.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskCreateYoungAnimal.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskDeleteYoungAnimalEntryInHerd.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskYoungAnimalEntryInHerd.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskDeleteYoungAnimalDeparture.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskYoungAnimalDeparture.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/functions/functions_event.inc.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/functions/functions_tksg.inc.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/functions/functions_2.inc.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/functions/functions_3.inc.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/functions/functions_tny.inc.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/functions/functions_hmd.inc.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/functions/genCimkek.php
/beallitasok.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/bazis.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/class_user.inc.php
  • /var/www/drupalvm/dev.animalsoft.test/vendor/autoload.php
  • /var/www/drupalvm/dev.animalsoft.test/vendor/composer/autoload_real.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/config/config.inc.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/config/project-config.inc.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/Animal/Animal.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/Animal/includes/date.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/Animal/includes/timezone.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/Animal/includes/common.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/Animal/includes/file.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/Hypor/autoloader.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/autoloader.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/config.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlDatabase.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlBase.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlCommunicator.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlJob.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskInterface.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskBase.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskDeleteSowEntryInHerd.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskSowEntryInHerd.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskChangeSowName.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskDeleteBoarEntryInHerd.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskBoarEntryInHerd.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskChangeBoarName.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskDeleteBreedingAnimalDeparture.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskBreedingAnimalDeparture.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskDeleteMating.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskMating.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskMatingWithSemenCollectionDate.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskDeleteFarrowing.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskFarrowing.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskFarrowingWithNumbersOfEachGenderInTheLitter.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskAbortionAbnormalLitter.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskDeleteYoungAnimal.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskCreateYoungAnimal.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskDeleteYoungAnimalEntryInHerd.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskYoungAnimalEntryInHerd.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskDeleteYoungAnimalDeparture.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskYoungAnimalDeparture.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/functions/functions_event.inc.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/functions/functions_tksg.inc.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/functions/functions_2.inc.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/functions/functions_3.inc.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/functions/functions_tny.inc.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/functions/functions_hmd.inc.php
/termekcsoportok.php
/hypor_beallitasok.php
/gyarto.php
/felhasznalok.php
  • /includes/jelszocsere_functions.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/fooldal/includes/DashboardController.php
/future_litter.php
/beltartalom_tulajdonsag.php
/dolgozok.php
/lekerdezes_jelentesek.php
/testtomeg_tabla.php
/torony.php
/raktar.php
/danavl_csomagok.php
  • /includes/danavl_functions.php
/logins.php
/_bank.php
/gyarto_profil.php
/arlista.php
  • /includes/arkalkulator.list.php
  • /includes/arkalkulator.php
/telep_group.php
/danavl_index.php
  • /includes/danavl_functions.php
/version_management.php
  • /includes/version_management_functions.php
/arucsoportok.php
/hypor_import.php
  • /includes/hypor_functions.php
/danavl_hozzaferes.php
/afa.php
/telep.php
/jelszocsere.php
  • /includes/jelszocsere_functions.php
/kevero.php
/_profitcenter.php
/husminosegkategoriak.php
  • /husminosegkategoria.php
/vevo_profil.php
/termek_elszamoloar.php
/includes/termek_husminositeskategoriak.php
/includes/arkalkulator.list.php
/includes/jelszocsere_functions.php
/includes/arkalkulator.php
/includes/hypor_functions.php
/includes/danavl_functions.php
/includes/version_management_functions.php
/log_db.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/bazis.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/class_user.inc.php
  • /var/www/drupalvm/dev.animalsoft.test/vendor/autoload.php
  • /var/www/drupalvm/dev.animalsoft.test/vendor/composer/autoload_real.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/config/config.inc.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/config/project-config.inc.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/Animal/Animal.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/Animal/includes/date.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/Animal/includes/timezone.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/Animal/includes/common.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/Animal/includes/file.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/Hypor/autoloader.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/autoloader.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/config.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlDatabase.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlBase.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlCommunicator.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlJob.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskInterface.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskBase.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskDeleteSowEntryInHerd.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskSowEntryInHerd.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskChangeSowName.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskDeleteBoarEntryInHerd.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskBoarEntryInHerd.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskChangeBoarName.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskDeleteBreedingAnimalDeparture.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskBreedingAnimalDeparture.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskDeleteMating.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskMating.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskMatingWithSemenCollectionDate.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskDeleteFarrowing.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskFarrowing.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskFarrowingWithNumbersOfEachGenderInTheLitter.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskAbortionAbnormalLitter.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskDeleteYoungAnimal.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskCreateYoungAnimal.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskDeleteYoungAnimalEntryInHerd.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskYoungAnimalEntryInHerd.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskDeleteYoungAnimalDeparture.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/classes/DanAvl/DanAvlTaskYoungAnimalDeparture.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/functions/functions_event.inc.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/functions/functions_tksg.inc.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/functions/functions_2.inc.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/functions/functions_3.inc.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/functions/functions_tny.inc.php
  • /var/www/drupalvm/dev.animalsoft.test/noweb/system/functions/functions_hmd.inc.php
/ajanlatok.php
  • /includes/arkalkulator.php
/alapanyag_csoportok.php
/hypor_tattoo_series.php
/istallo.php
/modules.php
/genetika.php
/danavl_esemenyek.php
  • /includes/danavl_functions.php
/feladatok.php
/hypor_heritable_defects.php
/termek.php
  • /includes/termek_husminositeskategoriak.php
/vevo.php
/torzs.php
/telepi_ktsgnem.php
/danavl_bejelentes.php
  • /includes/danavl_functions.php
/log.php
/husminosegkategoria.php
/majkategoria.php
/teljesitesi_terv.php
Result

Code Execution:
75
File Disclosure:
3
File Inclusion:
4
File Manipulation:
8
SQL Injection:
65
Cross-Site Scripting:
328
Possible Flow Control:
4
Sum:487

Scanned files:59
Include success:159/174 (91%)
Considered sinks:303
User-defined functions:529
Unique sources:186
Sensitive sinks:7990

Info: The code is object-oriented. The scanner does not support this yet, which can lead to false negatives, so the findings below may be incomplete.
Info:uses sessions

Scan time: 5.452 seconds
File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/help.php

Possible Flow Control

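User input reaches a sensitive sink. Called without flags, extract() on $_REQUEST creates or overwrites a variable in the current scope for every request parameter, so values the code treats as internal can be set by the client; reading the expected keys explicitly avoids this.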
  • 16: extract extract($_REQUEST) // bazis.php
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
Possible Flow Control

User input reaches a sensitive sink. EXTR_SKIP keeps extract() from overwriting variables that already exist, but any variable not yet defined at this point can still be set from the request.
  • 54: $superglobals = [$_FILES, $_COOKIE, $_POST, $_GET] // bazis.php
  • 58: foreach($superglobals as $superglobal) // bazis.php
  • 59: extract extract($superglobal, EXTR_SKIP) // bazis.php
    • requires:
      • 53: if(!ini_get('register_globals'))
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
File Inclusion

User input reaches a sensitive sink. The trace does not show which of $class, $len or $base_dir the scanner treats as request-controlled, so check how the autoloader receives them before ranking this finding.
  • 54: $superglobals = [$_FILES, $_COOKIE, $_POST, $_GET] // bazis.php if(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.php if(!ini_get('register_globals')),
  • 59: extract($superglobal, EXTR_SKIP) // bazis.php register_globals implementation if(!ini_get('register_globals')),
  • 24: $relative_class = substr($class, $len) // autoloader.php
  • 29: $file = $base_dir . str_replace('\\', '/', $relative_class) . '.php' // autoloader.php
  • 33: require_once require_once $file // autoloader.php
    • requires:
      • 32: if(file_exists($file))
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
File Inclusion

User input reaches a sensitive sink. The request-supplied $sel_lang is stored in the session and in SITE_LANGUAGE, which is concatenated into the path passed to require. The conditions shown in the trace only test isset() and is_file(), so the value should be matched against the list of known languages before it is used in a file name.
  • 621: $def_lang = get_sys_var('site_language_default') // bazis.php
  • 630: $_lang = $def_lang // bazis.php elseif(isset($_SESSION) && isset($languages)) else ,
  • 54: $superglobals = [$_FILES, $_COOKIE, $_POST, $_GET] // bazis.php if(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.php if(!ini_get('register_globals')),
  • 59: extract($superglobal, EXTR_SKIP) // bazis.php register_globals implementation if(!ini_get('register_globals')),
  • 624: $_SESSION['language'] = $_lang = $sel_lang // bazis.php if(isset($sel_lang) && isset($languages)),
  • 627: $_lang = $_SESSION['language'] // bazis.php elseif(isset($_SESSION) && isset($languages)),
  • 633: define('SITE_LANGUAGE', $_lang) // bazis.php define()
  • 649: $nyelv_filenev = __DIR__ . '/translations/' . SITE_LANGUAGE . '.php' // bazis.php
  • 651: require require $nyelv_filenev // bazis.php
    • requires:
      • 650: if(is_file($nyelv_filenev))
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
File Inclusion

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 621: $def_lang = get_sys_var('site_language_default') // bazis.php
  • 630: $_lang = $def_lang // bazis.phpelseif(isset($_SESSION) && isset($languages)) else ,
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 624: $_SESSION['language'] = $_lang = $sel_lang // bazis.phpif(isset($sel_lang) && isset($languages)),
  • 627: $_lang = $_SESSION['language'] // bazis.phpelseif(isset($_SESSION) && isset($languages)),
  • 633: define('SITE_LANGUAGE'$_lang) // bazis.php define()
  • 653: $nyelv_filenev = __DIR__ . '/bin/cimkek.' . SITE_LANGUAGE . '.php')) // bazis.php
  • 654: require require $nyelv_filenev // bazis.php
    • requires:
      • 653: elseif(is_file($nyelv_filenev = __DIR__ . '/bin/cimkek.' . SITE_LANGUAGE . '.php'))
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

User input reaches a sensitive sink. $cond is interpolated into the query text; the trace does not show where it is assigned, so confirm its origin and pass any request-derived value as a bound parameter.
  • 54: $superglobals = [$_FILES, $_COOKIE, $_POST, $_GET] // bazis.php if(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.php if(!ini_get('register_globals')),
  • 59: extract($superglobal, EXTR_SKIP) // bazis.php register_globals implementation if(!ini_get('register_globals')),
  • 54: select $ret = $pdo->select ("SELECT   MIN(alb_dt) as min_alb_dt,    MAX(alb_dt) as max_alb_dt  FROM io_allomany_bolt   JOIN io_bolt ON alb_bol_az=bol_az  JOIN io_vevo ON bol_vev_az=vev_az   JOIN io_regio ON vev_reg_az=reg_az  JOIN io_lanc ON reg_lan_az=lan_az   WHERE bol_del = 0 AND reg_del = 0 AND lan_del = 0 $cond ") // functions_tksg.inc.php
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 81: select $res = $pdo->select ("SELECT   DATE_FORMAT(alb_dt,'%Y_%m') as Ym,    DATE_FORMAT(LAST_DAY(alb_dt),'%e') as Ym_t,  SUM(alb_zaro_db) as sum_zaro_db,  AVG(alb_zaro_db) as avg_zaro_db,  SUM(IF(alb_zaro_db!=0,1,0)) as cnt_rows,   COUNT(DISTINCT alb_dt) as cnt_d,  lan_az,reg_az,bol_az  FROM io_allomany_bolt   JOIN io_bolt ON alb_bol_az = bol_az  JOIN io_vevo ON bol_vev_az = vev_az   JOIN io_regio ON vev_reg_az = reg_az  JOIN io_lanc  ON reg_lan_az = lan_az   WHERE bol_del = 0 AND reg_del = 0 AND lan_del = 0 $cond  GROUP BY Ym, lan_az  ORDER BY Ym") // functions_tksg.inc.php
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

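User input reaches a sensitive sink. As the trace shows, $lan_az is concatenated into $cond between quotes (line 178 of functions_tksg.inc.php) with no escaping or binding step, so it should be passed to the query as a bound parameter.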
  • 153: $prefix = 'ate' : 'alo' // functions_tksg.inc.php
  • 152: $table = 'io_tny_allomany' : 'io_allomany' // functions_tksg.inc.php
  • 177: $cond = "" // functions_tksg.inc.php
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 178: $cond .= " AND alo_lan_az = '" . $lan_az . "'" // functions_tksg.inc.php
  • 180: $sql = "SELECT MIN(" . $prefix . "_dt) as min_d, MAX(" . $prefix . "_dt) as max_d   FROM " . $table . "   WHERE " . $prefix . "_dt <= NOW() $cond " // functions_tksg.inc.php
  • 184: select $row = $pdo->select ($sql) // functions_tksg.inc.php
    • requires:
      • 176: if($from_Y > 0) else 
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 177: $cond = "" // functions_tksg.inc.phpif($from_Y > 0) else ,
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 178: $cond .= " AND alo_lan_az = '" . $lan_az . "'" // functions_tksg.inc.phpif($from_Y > 0) else ,
  • 191: $dt_start = "2010-01-01" // functions_tksg.inc.phpif($from_Y > 0) else , if(strtotime($dt_start) < strtotime("2010-01-01")),
  • 199: $from_Y = date("Y"strtotime($dt_start)) // functions_tksg.inc.php
  • 269: $cond .= " AND tsg_ev>='" . $from_Y . "'" // functions_tksg.inc.phpif($from_Y),
  • 271: $to_Y = $from_Y // functions_tksg.inc.phpif($from_Y), if(!$to_Y),
  • 275: $cond .= " AND tsg_ev<='" . $to_Y . "'" // functions_tksg.inc.phpif($to_Y),
  • 283: select $res = $pdo->select ("SELECT tsg_lag_az, tsg_ev, tsg_honap,          SUM(tsg_osszeg) as tsg_osszeg        FROM io_telepi_koltseg        WHERE 1 $cond        GROUP BY tsg_ev, tsg_honap        ORDER BY tsg_ev, tsg_honap") // functions_tksg.inc.php
    • requires:
      • 280: if(empty($_stored_data[$key]))
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 153: $prefix = 'ate' : 'alo' // functions_tksg.inc.php
  • 152: $table = 'io_tny_allomany' : 'io_allomany' // functions_tksg.inc.php
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 355: $cond = " AND " . $prefix . "_lan_az IN (SELECT l2l_lan_az FROM io_lan2lag WHERE l2l_lag_az = '" . $lag_az . "')" // functions_tksg.inc.phpif($lag_az),
  • 358: $sql = "SELECT MIN(" . $prefix . "_dt) as min_d, MAX(" . $prefix . "_dt) as max_d   FROM " . $table . "   WHERE " . $prefix . "_dt <= NOW() $cond " // functions_tksg.inc.php
  • 362: select $row = $pdo->select ($sql) // functions_tksg.inc.php
    • requires:
      • 323: if(empty($_stored_data[$key]))
      • 351: if($from_Y > 0) else 
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

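User input reaches a sensitive sink. The query binds :trr_kel_az, :trr_bol_az and :trr_dt_be as parameters but still appends $cond, which the trace shows being built by string concatenation from $lag_az and $exception_trh. The trace joins $cond assignments from two different files, so verify which of them actually reach this query, then bind those values as well.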
  • 153: $prefix = 'ate' : 'alo' // functions_tksg.inc.php
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 406: $cond = " AND a1." . $prefix . "_lan_az IN (SELECT l2l_lan_az FROM io_lan2lag WHERE l2l_lag_az = '" . $lag_az . "') " // functions_tksg.inc.phpif(empty($_stored_data)), if(!empty($lag_az)),
  • 524: $cond .= " AND trr_trh_az NOT IN ('" . implode("', '", $exception_trh) . "') " // functions_2.inc.php if(sizeof($exception_trh)),
  • 527: $sql = "SELECT *, SUM(trr_terv_db) as x_db    FROM io_nteritesi_terv_reszletei    WHERE trr_kel_az = :trr_kel_az      AND trr_bol_az = :trr_bol_az      AND trr_dt_be = :trr_dt_be " . $cond // functions_2.inc.php
  • 533: select $res = $pdo->select ($sql, [':trr_kel_az'=>$kel_az, ':trr_bol_az'=>$bol_az, ':trr_dt_be'=>$dt]) // functions_2.inc.php
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 153: $prefix = 'ate' : 'alo' // functions_tksg.inc.php
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 406: $cond = " AND a1." . $prefix . "_lan_az IN (SELECT l2l_lan_az FROM io_lan2lag WHERE l2l_lag_az = '" . $lag_az . "') " // functions_tksg.inc.phpif(empty($_stored_data)), if(!empty($lag_az)),
  • 524: $cond .= " AND trr_trh_az NOT IN ('" . implode("', '"$exception_trh) . "') " // functions_2.inc.phpif(sizeof($exception_trh)),
  • 599: $cond .= " AND trr_trh_az NOT IN ('" . implode("', '"$exception_trh) . "') " // functions_2.inc.phpif(sizeof($exception_trh)),
  • 603: $cond .= " AND trh_ertekesites = 1 " // functions_2.inc.phpif($ertekesites == TRUE),
  • 606: $cond .= " AND trh_ertekesites = 0 " // functions_2.inc.phpif($ertekesites == TRUE) else ,
  • 609: $sql = "SELECT *,       SUM(trr_terv_db) as x_db,       SUM(IF(trr_megvalosult>0,0,trr_terv_db)) as x_db_nem_megvalosult    FROM io_teritesi_terv_reszletei    LEFT JOIN io_teritesi_terv ON trr_trh_az=trh_az    WHERE trh_del = 0      AND trr_nevelo_rnd_az = :trr_nevelo_rnd_az " . $cond // functions_2.inc.php
  • 617: select $res = $pdo->select ($sql[':trr_nevelo_rnd_az'=>$nevelo_rnd_az]) // functions_2.inc.php
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 153: $prefix = 'ate' : 'alo' // functions_tksg.inc.php
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 406: $cond = " AND a1." . $prefix . "_lan_az IN (SELECT l2l_lan_az FROM io_lan2lag WHERE l2l_lag_az = '" . $lag_az . "') " // functions_tksg.inc.phpif(empty($_stored_data)), if(!empty($lag_az)),
  • 524: $cond .= " AND trr_trh_az NOT IN ('" . implode("', '"$exception_trh) . "') " // functions_2.inc.phpif(sizeof($exception_trh)),
  • 599: $cond .= " AND trr_trh_az NOT IN ('" . implode("', '"$exception_trh) . "') " // functions_2.inc.phpif(sizeof($exception_trh)),
  • 603: $cond .= " AND trh_ertekesites = 1 " // functions_2.inc.phpif($ertekesites == TRUE),
  • 606: $cond .= " AND trh_ertekesites = 0 " // functions_2.inc.phpif($ertekesites == TRUE) else ,
  • 1189: select $res = $pdo->select ("SELECT tsg_lag_az, tsg_ev, tsg_honap,       SUM(tsg_osszeg) as tsg_osszeg  FROM io_telepi_koltseg  WHERE 1 $cond  GROUP BY tsg_ev, tsg_honap  ORDER BY tsg_ev, tsg_honap") // functions_2.inc.php
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 153: $prefix = 'ate' : 'alo' // functions_tksg.inc.php
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 406: $cond = " AND a1." . $prefix . "_lan_az IN (SELECT l2l_lan_az FROM io_lan2lag WHERE l2l_lag_az = '" . $lag_az . "') " // functions_tksg.inc.phpif(empty($_stored_data)), if(!empty($lag_az)),
  • 524: $cond .= " AND trr_trh_az NOT IN ('" . implode("', '"$exception_trh) . "') " // functions_2.inc.phpif(sizeof($exception_trh)),
  • 599: $cond .= " AND trr_trh_az NOT IN ('" . implode("', '"$exception_trh) . "') " // functions_2.inc.phpif(sizeof($exception_trh)),
  • 603: $cond .= " AND trh_ertekesites = 1 " // functions_2.inc.phpif($ertekesites == TRUE),
  • 606: $cond .= " AND trh_ertekesites = 0 " // functions_2.inc.phpif($ertekesites == TRUE) else ,
  • 1226: $cond .= " AND ren_szallitas <= '{$rdatum}" // functions_2.inc.phpif($rdatum != FALSE),
  • 1233: $_sql = "(SELECT rnd_az, ren_bol_az, tka_csop_name, reg_az, reg_nev, bol_nev, rnd_kiszallitott, reg_tth_az, ren_szallitas    FROM io_rendeles  JOIN io_rendeles_reszletei ON ren_az=rnd_ren_az  JOIN io_termekkategoria ON ren_telep_tka_az=tka_az  JOIN io_bolt ON bol_az=ren_bol_az AND bol_del=0  JOIN io_vevo ON vev_az=bol_vev_az AND vev_del=0  JOIN io_regio ON reg_az=vev_reg_az AND reg_del=0  JOIN io_lanc ON lan_az=reg_lan_az AND lan_del=0    WHERE ren_del=0 AND ren_telep_tka_az>0      AND tka_csop_name NOT IN ('gyogyszer', 'tap', 'egyeb_kiadas', 'egyeb_bevetel')      $cond  ) UNION (SELECT rnd_az, ren_bol_az, tka_csop_name, reg_az, reg_nev, bol_nev, rnd_kiszallitott, reg_tth_az, ren_szallitas    FROM io_rendeles  JOIN io_rendeles_reszletei ON ren_az=rnd_ren_az  JOIN io_termekkategoria ON ren_telep_tka_az=tka_az  JOIN io_bolt ON bol_az=ren_bol_az  JOIN io_vevo ON vev_az=bol_vev_az JOIN io_regio ON reg_az=vev_reg_az  JOIN io_lanc ON lan_az=reg_lan_az    WHERE ren_del = 0 AND ren_telep_tka_az>0 AND bol_del = 2      AND tka_csop_name NOT IN ('gyogyszer', 'tap', 'egyeb_kiadas', 'egyeb_bevetel')      $cond  )" // functions_2.inc.php
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

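User input reaches a sensitive sink. The trace shows `$rot_az` interpolated into `$condition` (line 1303), which becomes the WHERE clause of the query at line 1310; `$datum` (line 1306) is the output of `date("Y-m-d", …)` and is limited to that format. The scanner treats `$rot_az` as request-controlled because of the extract() call at bazis.php line 59, so confirm how callers supply it, and pass it as a bound parameter (the `$pdo->select()` wrapper is called with a parameter array elsewhere in this report) instead of embedding it in the string.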
  • 1301: $condition = "1" // functions_2.inc.php
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 1303: $condition .= " AND reg_az='{$rot_az}" // functions_2.inc.phpif($rot_az != FALSE),
  • 1306: $datum = date("Y-m-d"unix_rdatumbol ($rdatum)) // functions_2.inc.phpif($rdatum != FALSE),
  • 1307: $condition .= " AND kea_dt_be<='{$datum}" // functions_2.inc.phpif($rdatum != FALSE),
  • 1310: select $kel_query = $pdo->select ("SELECT *,         SUM( kea_mennyiseg ) AS mennyiseg       FROM io_kelteto_allapot       JOIN io_bolt ON kea_bol_az = bol_az       JOIN io_vevo ON bol_vev_az = vev_az       JOIN io_regio ON vev_reg_az = reg_az       WHERE $condition       GROUP BY kea_bol_az ") // functions_2.inc.php
    • requires:
      • 1299: if(defset ('MOD_TOJAS'FALSE) === TRUE)
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 153: $prefix = 'ate' : 'alo' // functions_tksg.inc.php
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 406: $cond = " AND a1." . $prefix . "_lan_az IN (SELECT l2l_lan_az FROM io_lan2lag WHERE l2l_lag_az = '" . $lag_az . "') " // functions_tksg.inc.phpif(empty($_stored_data)), if(!empty($lag_az)),
  • 524: $cond .= " AND trr_trh_az NOT IN ('" . implode("', '"$exception_trh) . "') " // functions_2.inc.phpif(sizeof($exception_trh)),
  • 599: $cond .= " AND trr_trh_az NOT IN ('" . implode("', '"$exception_trh) . "') " // functions_2.inc.phpif(sizeof($exception_trh)),
  • 603: $cond .= " AND trh_ertekesites = 1 " // functions_2.inc.phpif($ertekesites == TRUE),
  • 606: $cond .= " AND trh_ertekesites = 0 " // functions_2.inc.phpif($ertekesites == TRUE) else ,
  • 1226: $cond .= " AND ren_szallitas <= '{$rdatum}" // functions_2.inc.phpif($rdatum != FALSE),
  • 1336: select $koltseg_query = $pdo->select ("SELECT *       FROM io_rendeles  JOIN io_rendeles_reszletei ON ren_az = rnd_ren_az  LEFT JOIN io_termek ON rnd_ter_az = ter_az AND ter_del = 0  JOIN io_termekkategoria ON ren_telep_tka_az = tka_az  JOIN io_bolt ON bol_az = ren_bol_az AND bol_del = 0  JOIN io_vevo ON vev_az = bol_vev_az AND vev_del = 0  JOIN io_regio ON reg_az = vev_reg_az AND reg_del = 0  JOIN io_lanc ON lan_az = reg_lan_az AND lan_del = 0    WHERE ren_del = 0      AND ren_telep_tka_az > 0      AND ter_az = '1624' $cond ") // functions_2.inc.php
    • requires:
      • 1299: if(defset ('MOD_TOJAS'FALSE) === TRUE)
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 1373: $cond = "" // functions_2.inc.php
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 1374: $cond .= " AND reg_rot_datum_indulas <= '$rdate' AND (reg_rot_datum_befejezes >= '$rdate' OR reg_rot_datum_befejezes = '0000-00-00') AND ren_szallitas <= '$rdate" // functions_2.inc.php
  • 1378: select $res = $pdo->select ("SELECT *     FROM io_rendeles     JOIN io_rendeles_reszletei ON ren_az = rnd_ren_az AND ren_del = 0 AND rnd_kiszallitott > 0     JOIN io_termek ON rnd_ter_az = ter_az     JOIN io_termekkategoria ON ter_tka_az = tka_az AND tka_telep = 1 AND tka_csop_name IN ('malac','elosertes','hulla')     JOIN io_bolt ON ren_bol_az = bol_az AND bol_del = 0     JOIN io_vevo ON vev_az = bol_vev_az AND vev_del = 0     JOIN io_regio ON reg_az = vev_reg_az AND reg_del = 0     JOIN io_lanc ON lan_az = reg_lan_az AND lan_del = 0     WHERE lan_telep = 1 AND ren_del = 0 $cond     ORDER BY ren_szallitas") // functions_2.inc.php
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 1373: $cond = "" // functions_2.inc.php
  • 1374: $cond .= " AND reg_rot_datum_indulas <= '$rdate' AND (reg_rot_datum_befejezes >= '$rdate' OR reg_rot_datum_befejezes = '0000-00-00') AND ren_szallitas <= '$rdate" // functions_2.inc.php
  • 1467: $_sql = "(SELECT bol_az, rnd_az, tka_csop_name, ren_szallitas, ren_vagas_bol_az, rnd_mennyiseg, ter_noivar, rnd_telep_malac_rnd_az, ren_datum, rnd_forras_bol_az       FROM io_rendeles       JOIN io_rendeles_reszletei ON ren_az=rnd_ren_az AND ren_del=0 AND rnd_mennyiseg>0       JOIN io_termek ON rnd_ter_az=ter_az       JOIN io_termekkategoria ON ter_tka_az=tka_az AND tka_telep=1       JOIN io_bolt ON ren_bol_az=bol_az AND bol_del=0       JOIN io_vevo ON vev_az=bol_vev_az AND vev_del=0       JOIN io_regio ON reg_az=vev_reg_az AND reg_del=0       JOIN io_lanc ON lan_az=reg_lan_az AND lan_del=0       WHERE lan_telep=1 AND ren_del=0 AND reg_az = '{$rot_az}$cond     )     UNION     (SELECT bol_az, rnd_az, tka_csop_name, ren_szallitas, ren_vagas_bol_az, rnd_mennyiseg, ter_noivar, rnd_telep_malac_rnd_az, ren_datum, rnd_forras_bol_az       FROM io_rendeles       JOIN io_rendeles_reszletei ON ren_az=rnd_ren_az AND ren_del=0 AND rnd_mennyiseg>0       JOIN io_termek ON rnd_ter_az=ter_az       JOIN io_termekkategoria ON ter_tka_az=tka_az AND tka_telep=1       JOIN io_bolt ON ren_bol_az=bol_az AND bol_del=2       JOIN io_vevo ON vev_az=bol_vev_az       JOIN io_regio ON reg_az=vev_reg_az       JOIN io_lanc ON lan_az=reg_lan_az       WHERE lan_telep=1 AND ren_del=0 AND reg_az = '{$rot_az}$cond     )     ORDER BY ren_szallitas" // functions_2.inc.php
  • 1492: select $res = $pdo->select ($_sql) // functions_2.inc.php
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

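User input reaches a sensitive sink. `$ter_azok` is filled from pieces of `$sor['tth_tapok']` split on '##' and ',' (lines 4185-4188) and then concatenated into the IN list at line 4191. The value appears to come from a stored record rather than directly from the request (the trace is marked "trace stopped"), which would make this a second-order case; binding one placeholder per list element removes the dependence on how that stored value was written.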
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 938: $arr = tlp_get_testtomeg_tabla ($tth_az) // functions_2.inc.phpif(empty($storedret)),
  • 941: foreach($arr as $napig=>$sor) // functions_2.inc.phpif(empty($storedret)),
  • 572: $sor = Animal::getdb ()->retrieve('io_jog''*'['jog_prg'=>$prg'jog_alp'=>$alp]) // if($prg != ""), bazis.php, trace stopped
  • 4185: foreach(explode('##'$sor['tth_tapok']) as $item) // functions_2.inc.php
  • 4186: $parts = explode(','$item) // functions_2.inc.php
  • 4188: $ter_azok[] = $parts[1] // functions_2.inc.php
  • 4191: select $query = $pdo->select ("SELECT *     FROM io_termek     WHERE ter_tka_az = 6 AND ter_az IN('" . implode("', '"$ter_azok) . "')     ORDER BY ter_tap_fazis, ter_del, ter_aktiv DESC ") // functions_2.inc.php
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
Possible Flow Control

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 366: foreach($profiles[$group] as $id=>$info) // functions_2.inc.php
  • 367: $data[$id] = $info // functions_2.inc.php
  • 3766: foreach($data as $key=>$value) // functions_2.inc.phpfunctionparse_csv_file($file, $columnheadings = FALSE, $delimiter = ';', $enclosure = '"'), elseif($columnheadings == TRUE),
  • 4255: define($constant$cache[$constant] = $value) // functions_2.inc.php define()
  • 4255: define define($constant$cache[$constant] = $value) // functions_2.inc.php
    • requires:
      • 4254: if(!defined($constant))
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

Userinput reaches sensitive sink. For more information, press the help icon on the left side. (Blind exploitation)
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 442: $het = date("W"time()) // functions_3.inc.phpif(!$het),
  • 584: for($het = *$het <= date("W"strtotime($ev . "-12-28"))$het++) // functions_3.inc.php
  • 589: $ret[$het] = get_heti_atlagarak ($ev$het$eloallat_sajat_forras) // functions_3.inc.phpif(strtotime("+7 days") >= $ts_s),
  • 579: $ret = [] // functions_3.inc.php
  • 748: foreach($ret['a_rnds'] as $regi=>$uj) // functions_3.inc.php
  • 750: raw $pdo->raw ("UPDATE io_rendeles_reszletei             SET rnd_telep_malac_rnd_az = '" . $uj . "'             WHERE rnd_telep_malac_rnd_az = '" . $regi . "'               AND ren_bol_az IN ('" . implode($ret['a_bols']) . "')") // functions_3.inc.php
    • requires:
      • 661: if(!empty($res0))
      • 746: if($clone_ren && !empty($ret['a_rnds']))
      • 749: if($regi && $uj)
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

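User input reaches a sensitive sink. The only variable part of the statement built at line 895 is the result of `rdatum_datumbol($dt)`, whose output format is not shown in the trace. The query at line 1514 of the same file passes the same helper's result as the bound parameter `:ren_szallitas`; doing the same here resolves the finding without relying on what the helper returns.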
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 895: $sql = "SELECT       tka_csop_name,       SUM(rnd_mennyiseg*rnd_tomeg) as x_tomeg,       ROUND(SUM(rnd_mennyiseg)) as x_mennyiseg     FROM io_rendeles_reszletei     JOIN io_rendeles ON ren_az=rnd_ren_az     JOIN io_termekkategoria ON ren_telep_tka_az=tka_az     LEFT JOIN io_termek ON rnd_ter_az=ter_az     JOIN io_bolt ON bol_az=ren_bol_az AND bol_del=2     JOIN io_vevo ON vev_az=bol_vev_az     JOIN io_regio ON reg_az=vev_reg_az     JOIN io_lanc ON lan_az=reg_lan_az AND lan_del=0     WHERE ren_telep_tka_az > 0       AND ren_del = 0       AND tka_csop_name IN ('malac','tenyesz','elosertes','hulla')       AND ren_szallitas = '" . rdatum_datumbol ($dt) . "'     GROUP BY tka_csop_name" // functions_3.inc.php
  • 912: select $res = $pdo->select ($sql) // functions_3.inc.php
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

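User input reaches a sensitive sink. (Blind exploitation) Both the values (line 1035) and the backtick-quoted column names taken from `array_keys($tmp[0])` (line 1038) are concatenated into the REPLACE statement passed to `$pdo->raw()`. The trace does not show how `$thisrow` is populated; whatever its origin, the values should be sent as bound parameters and the column names checked against a fixed list, because identifiers cannot be bound.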
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 1028: $tmp[] = $thisrow // functions_3.inc.php
  • 1034: foreach($tmp as $v) // functions_3.inc.php
  • 1035: $values[] = "('" . implode("','"$v) . "')" // functions_3.inc.php
  • 1038: $sql_ins = "REPLACE INTO io_allomany_bolt (`" . implode("`,`"array_keys($tmp[0])) . "`) VALUES " . implode(", "$values) . ";" // functions_3.inc.php
  • 1039: raw $pdo->raw ($sql_ins) // functions_3.inc.php
    • requires:
      • 998: if(!empty($res))
      • 1031: if(sizeof($tmp) % 200 == 0)
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

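User input reaches a sensitive sink. In the trace shown, `$extra_conds` is assembled only from string literals (lines 1487 and 1495) and every value in the query is bound through named placeholders at line 1514, so this finding is likely a false positive. Before closing it, confirm that no other assignment to `$extra_conds` exists between lines 1487 and 1499.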
  • 1487: $extra_conds = "" // functions_3.inc.php
  • 1495: $extra_conds .= " AND IF(ter_tka_az = 6, ren_lezarva, 1) > 0 " // functions_3.inc.phpif($tap_rkeszlet === 1),
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 1499: $sql = "SELECT ter_az, ter_egyseg, SUM(rnd_mennyiseg) as x_mennyiseg, rnd_egyseg    FROM io_termek  JOIN io_termekkategoria ON ter_tka_az=tka_az AND ter_az = :ter_az  JOIN io_rendeles_reszletei ON rnd_ter_az=ter_az AND rnd_ter_az = :ter_az  JOIN io_rendeles ON rnd_ren_az=ren_az AND ren_szallitas = :ren_szallitas AND ren_allapot = 1  JOIN io_bolt ON ren_bol_az = bol_az AND bol_del = 0  JOIN io_vevo ON vev_az = bol_vev_az AND vev_del = 0  JOIN io_regio ON reg_az = vev_reg_az AND reg_del = 0 AND reg_lan_az = :reg_lan_az    WHERE ter_az = :ter_az      AND ren_allapot = 1      AND ren_bol_az = :ren_bol_az      AND ren_del = 0      $extra_conds    GROUP BY ter_az, rnd_egyseg" // functions_3.inc.php
  • 1514: select $res = $pdo->select ($sql[':ter_az'=>$ter_az':ren_szallitas'=>rdatum_datumbol ($dt)':reg_lan_az'=>RAKTAR_LAN_AZ':ren_bol_az'=>$rak_az]) // functions_3.inc.php
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
File Manipulation

Userinput returned by function glob() reaches sensitive sink.
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 1833: $items = glob($entry . "*") // functions_3.inc.php
  • 1834: foreach($items as $item) // functions_3.inc.php
  • 1835:  rchmod ($item$mode) // functions_3.inc.php
    • requires:
      • 1829: if(is_dir($entry))

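User input reaches a sensitive sink. (Blind exploitation) `rchmod()` passes `$entry` straight to `chmod()` and defaults `$mode` to 0777, then recurses over `glob($entry . "*")`. The trace does not show what callers pass as `$entry`; callers should confine it to an expected base directory and pass a narrower mode than the default.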
  • 1826:  function rchmod($entry$mode = 0777)
  • 1828: chmod chmod($entry$mode) // functions_3.inc.php
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
Possible Flow Control

Userinput returned by function glob() reaches sensitive sink.
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 1833: $items = glob($entry . "*") // functions_3.inc.php
  • 1834: foreach($items as $item) // functions_3.inc.php
  • 1835:  rchmod ($item$mode) // functions_3.inc.php
    • requires:
      • 1829: if(is_dir($entry))

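User input reaches a sensitive sink. At line 1830 the pattern `'/$'` is a constant and `$entry` is only the subject string, so the input does not control the expression. `ereg()` was deprecated in PHP 5.3 and removed in PHP 7.0; a plain check of the last character of `$entry` does the same job.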
  • 1826:  function rchmod($entry$mode = 0777)
  • 1830: ereg ereg('/$'$entry)) // functions_3.inc.php
    • requires:
      • 1829: if(is_dir($entry))
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
File Disclosure

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 1833: glob $items = glob($entry . "*") // functions_3.inc.php
    • requires:
      • 1829: if(is_dir($entry))
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
File Manipulation

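User input reaches a sensitive sink. (Blind exploitation) Two things are written from variables here: the file name, built from `$fname_prefix` and a timestamp under MI_FLEXIUM_PATH/new (lines 1951 and 1958), and the XML body, concatenated from `$records` (lines 1945-1948). The trace does not show what callers pass as `$fname_prefix` or whether szamlazfexiumpinv() escapes the field values; the prefix should be limited to a fixed character set with no path separators, and values placed in the XML should be escaped.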
  • 10: $doc_root = realpath(dirname(__FILE__) . '/../../../') // config.inc.php
  • 12: define("MI_MAIN_PATH"rtrim($doc_root'/')) // config.inc.php define()
  • 20: define("MI_WRITE_PATH"MI_MAIN_PATH . '/web/write') // config.inc.php define()
  • 40: define("MI_FLEXIUM_PATH"MI_WRITE_PATH . "/flexium") // config.inc.php define()
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 1951: $fajlnev = $fname_prefix . "flex_" . date("Ymd_His"time()) . ".xml" // functions_3.inc.php
  • 1958: $f = fopen(MI_FLEXIUM_PATH . "/new/$fajlnev""w") // functions_3.inc.php
  • 1945: $szoveg = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>' . "\n" // functions_3.inc.php
  • 1946: $szoveg .= "<records>\n" // functions_3.inc.php
  • 1650: $v['r2r_rnd_az'] = $rnd_az // functions_3.inc.phpif(!empty($res_rnd)),
  • 1931: $records[] = szamlazfexiumpinv($v$isKereskedelem) // functions_3.inc.phpfunctionszamlazflexium($arr, $fname_prefix = "", $isKereskedelem = FALSE), if($v == "SINV") else ,
  • 1947: $szoveg .= implode(""$records) // functions_3.inc.php
  • 1948: $szoveg .= "</records>\n" // functions_3.inc.php
  • 1961: fwrite fwrite($f$szoveg) // functions_3.inc.php
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

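User input reaches a sensitive sink. The values in this query are bound at line 2052, but `$whereKey` is interpolated both as a column name and as the placeholder name (`WHERE $whereKey = :$whereKey`), and bound parameters cannot protect identifiers. The trace does not show where `$whereKey` is assigned; it should be checked against a fixed list of allowed column names before the statement is built. The query at line 2192 uses the same pattern.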
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 2017: $sql = "  SELECT *,  SUM(rnd_kiszallitott) as x_mennyiseg,  (SELECT afa_ertek FROM io_afa WHERE afa_az=ter_afa_az AND afa_del=0 AND afa_datum<=ren_datum ORDER BY afa_datum DESC LIMIT 1) as x_rnd_afa_ertek,  SUM(rnd_rendeles_mennyiseg) as x_rendeles_mennyiseg,  SUM(rnd_kiszallitott*rnd_tomeg) as x_tomeg,  SUM(rnd_onkoltseg*rnd_kiszallitott*rnd_tomeg) as x_onk_netto,  SUM(rnd_onkoltseg*rnd_tomeg) as x_onk_netto_db,  SUM(  rnd_onkoltseg*rnd_kiszallitott*rnd_tomeg*( (100+(SELECT afa_ertek FROM io_afa WHERE afa_az=ter_afa_az AND afa_del=0 AND afa_datum<=ren_datum ORDER BY afa_datum DESC LIMIT 1)*1.0) / 100 )  ) as x_onk_brutto,  SUM(rnd_ar*rnd_kiszallitott*rnd_tomeg) as x_ar_netto,  SUM(  rnd_ar*rnd_kiszallitott*rnd_tomeg*( (100+(SELECT afa_ertek FROM io_afa WHERE afa_az=ter_afa_az AND afa_del=0 AND afa_datum<=ren_datum ORDER BY afa_datum DESC LIMIT 1)*1.0) / 100 )  ) as x_ar_brutto,  GROUP_CONCAT(DISTINCT ter_nev) as x_ter_nev,  GROUP_CONCAT(DISTINCT reg_az SEPARATOR ',') as x_reg_az,  GROUP_CONCAT(DISTINCT CONCAT(lan_nev, reg_nev) SEPARATOR ',') as x_megjegyzes,  IF(LENGTH(rnd_flex_item_code)>0, rnd_flex_item_code, (SELECT fc2t_item_code FROM io_flex_item2ter WHERE fc2t_ter_az=rnd_ter_az LIMIT 1) ) as flex_item_code  FROM io_rendeles_reszletei  INNER JOIN io_termek ON rnd_ter_az = ter_az  INNER JOIN io_termekkategoria ON ter_tka_az = tka_az  INNER JOIN io_flex_item2ter ON rnd_ter_az = fc2t_ter_az  INNER JOIN io_rendeles ON rnd_ren_az = ren_az  INNER JOIN io_bolt ON bol_az = ren_bol_az AND bol_del = 0  INNER JOIN io_vevo ON vev_az = bol_vev_az AND vev_del = 0  INNER JOIN io_regio ON reg_az = vev_reg_az AND reg_del = 0  INNER JOIN io_lanc ON lan_az = reg_lan_az AND lan_del = 0  WHERE $whereKey = :$whereKey    AND ren_gyt_az = :ren_gyt_az    AND ren_rak_az = 0  GROUP BY flex_item_code, x_rnd_afa_ertek  ORDER BY ter_nev" // functions_3.inc.php
  • 2052: select $eredmeny2 = $pdo->select ($sql[":$whereKey"=>$arr['aktualis']':ren_gyt_az'=>$arr['partner']]) // functions_3.inc.php
    • requires:
      • 2051: if(!defined('ANIMAL_USE_QUERYBUILDER') || !ANIMAL_USE_QUERYBUILDER)
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 2192: select $eredmeny2 = $pdo->select ("  SELECT *,  SUM(rnd_kiszallitott) as x_mennyiseg,  SUM(rnd_kiszallitott*rnd_tomeg) as x_tomeg,  SUM(rnd_onkoltseg*rnd_kiszallitott*rnd_tomeg) as x_onk_netto,  SUM(  rnd_onkoltseg*rnd_kiszallitott*rnd_tomeg*( (100+(SELECT afa_ertek FROM io_afa WHERE afa_az=ter_afa_az AND afa_del=0 AND afa_datum<=ren_datum ORDER BY afa_datum DESC LIMIT 1)*1.0) / 100 )  ) as x_onk_brutto,  SUM(rnd_ar*rnd_kiszallitott*rnd_tomeg) as x_ar_netto,  SUM(  rnd_ar*rnd_kiszallitott*rnd_tomeg*( (100+(SELECT afa_ertek FROM io_afa WHERE afa_az=ter_afa_az AND afa_del=0 AND afa_datum<=ren_datum ORDER BY afa_datum DESC LIMIT 1)*1.0) / 100 )  ) as x_ar_brutto,  GROUP_CONCAT(DISTINCT ter_nev) as x_ter_nev,  GROUP_CONCAT(DISTINCT reg_az SEPARATOR ',') as x_reg_az,  IF(LENGTH(rnd_flex_item_code)>0, rnd_flex_item_code, (SELECT fc2t_item_code FROM io_flex_item2ter WHERE fc2t_ter_az=rnd_ter_az LIMIT 1) ) as flex_item_code  FROM io_rendeles_reszletei  INNER JOIN io_termek ON rnd_ter_az = ter_az  INNER JOIN io_rendeles ON rnd_ren_az = ren_az  INNER JOIN io_bolt ON bol_az = ren_bol_az AND bol_del = 0  INNER JOIN io_vevo ON vev_az = bol_vev_az AND vev_del = 0  INNER JOIN io_regio ON reg_az = vev_reg_az AND reg_del = 0  INNER JOIN io_lanc ON lan_az = reg_lan_az AND lan_del = 0  WHERE $whereKey = :$whereKey  GROUP BY ter_az, flex_item_code  ORDER BY ter_nev, flex_item_code"[":$whereKey"=>$arr['aktualis']]) // functions_3.inc.php
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

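User input reaches a sensitive sink. `$torottek` is `$torott_tomb` joined with `','` (line 2324) and concatenated into the NOT IN list at line 2326; the trace does not show how `$torott_tomb` is filled. The same construction feeds the queries at lines 2334, 2437 and 2445, two of which already bind their other values, so generating one placeholder per element and binding the list keeps all four consistent.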
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 2324: $torottek = join("','"$torott_tomb) // functions_3.inc.php
  • 2326: select $termek_query = $pdo->select ("SELECT *     FROM io_termek     WHERE ter_tka_az = '13'       AND ter_aktiv = '1'       AND ter_az NOT IN('" . $torottek . "')     ORDER BY ter_az ") // functions_3.inc.php
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 2324: $torottek = join("','"$torott_tomb) // functions_3.inc.php
  • 2334: select $query = $pdo->select ("SELECT toj_ter_az, toj_bol_az,       SUM(toj_darab) as darab     FROM io_tojas     WHERE toj_reg_az = :toj_reg_az       AND toj_datum <= :toj_datum       AND toj_ter_az NOT IN('" . $torottek . "')     GROUP BY toj_ter_az, toj_bol_az"[':toj_reg_az'=>$rot_az':toj_datum'=>$dt]) // functions_3.inc.php
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

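User input reaches a sensitive sink. `$dt`, `$cond_telepek` and `$rot_az` are all concatenated into the statement at line 2370, and the trace does not show where `$cond_telepek` is built. `$dt` and `$rot_az` should be passed as bound parameters, and `$cond_telepek` should be assembled from placeholders rather than from values.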
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 1899: $dt = date("Y-m-d"strtotime($dt . "+1 days")) // functions_3.inc.php
  • 2370: select $query = $pdo->select ("SELECT kbe_mennyiseg, kbe_dt, kbe_ter_az, reg_az, lan_az, bol_az     FROM io_kelteto_be  JOIN io_bolt ON bol_az = kbe_bol_az  JOIN io_vevo ON bol_vev_az = vev_az  JOIN io_regio ON vev_reg_az = reg_az  JOIN io_lanc ON reg_lan_az = lan_az  WHERE kbe_dt <= '" . $dt . "$cond_telepek AND reg_az='" . $rot_az . "' ") // functions_3.inc.php
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 2435: $torottek = join("','"$torott_tomb) // functions_3.inc.php
  • 2437: select $termek_query = $pdo->select ("SELECT *     FROM io_termek     WHERE ter_tka_az = '13'       AND ter_aktiv = '1'       AND ter_az NOT IN('" . $torottek . "')     ORDER BY ter_az ") // functions_3.inc.php
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 2435: $torottek = join("','"$torott_tomb) // functions_3.inc.php
  • 2445: select $query = $pdo->select ("SELECT toj_ter_az, toj_bol_az, toj_darab     FROM io_tojas     WHERE toj_bol_az = :toj_bol_az       AND toj_datum <= :toj_datum       AND toj_ter_az NOT IN('" . $torottek . "') "[':toj_bol_az'=>$bol_az':toj_datum'=>$dt]) // functions_3.inc.php
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

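User input reaches a sensitive sink. The two values visibly concatenated into the statement, `$koca_amort_per_elles` and `$koca_maradvany_ertek`, are derived from `(int)`-cast results of get_sys_var() passed through multiplication() (lines 848 and 854), so they are presumably numeric. The statement is cut off at `tte_ter_az IN ('` in this listing; the list concatenated there is not shown and is the part to review.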
  • 851: $koca_amort_per_elles = 1 // functions_tny.inc.phpif($koca_amort_per_elles < 1),
  • 848: $koca_amort_per_elles = multiplication (1(int)get_sys_var ('koca_amort_per_elles')) // functions_tny.inc.php
  • 54: $superglobals = [$_FILES$_COOKIE$_POST$_GET] // bazis.phpif(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.phpif(!ini_get('register_globals')),
  • 59: extract($superglobalEXTR_SKIP) // bazis.phpregister_globals implementationif(!ini_get('register_globals')),
  • 854: $koca_maradvany_ertek = multiplication (1(int)get_sys_var ('koca_maradvany_ertek')) // functions_tny.inc.php
  • 856: $sql = "SELECT       SUM(         IF(           tte_selejtezes_d > '2001-01-01' OR tte_elhullas_d > '2001-01-01',           IF(             IFNULL(cnt_elles, 0) <= " . $koca_amort_per_elles . " AND tte_onkoltseg >= $koca_maradvany_ertek,             " . $koca_maradvany_ertek . " + ((tte_onkoltseg - " . $koca_maradvany_ertek . ") * (1 - IFNULL(cnt_elles, 0) / " . $koca_amort_per_elles . ")),             " . $koca_maradvany_ertek . "           ),           IF(             IFNULL(cnt_elles, 0) <  " . $koca_amort_per_elles . " AND tte_onkoltseg >= $koca_maradvany_ertek,             " . $koca_maradvany_ertek . " + ((tte_onkoltseg - " . $koca_maradvany_ertek . ") * (1 - IFNULL(cnt_elles, 0) / " . $koca_amort_per_elles . ")),             " . $koca_maradvany_ertek . "           )         )       ) as x_ertek     FROM io_tny_termek     LEFT JOIN (       SELECT tk2.koc_koca_id as tk2_ter_az, COUNT(*) as cnt_elles       FROM io_tny_koca tk2       WHERE tk2.koc_elles_dt > tk2.koc_ciklus_start_dt       GROUP BY tk2_ter_az     ) tk3 ON tte_ter_az = tk2_ter_az     WHERE tte_del = 0       AND tte_ter_az IN ('" .  // functions_tny.inc.php
  • 882: select $data = $pdo->select ($sql) // functions_tny.inc.php
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

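User input reaches a sensitive sink. For more information, press the help icon on the left side. Every `$conditions[...]` value in this trace is concatenated between single quotes, and no escaping is visible here before the query is assembled at line 2103; passing these values as bound parameters removes the sink.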
  • 54: $superglobals = [$_FILES, $_COOKIE, $_POST, $_GET] // bazis.php if(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.php if(!ini_get('register_globals')),
  • 59: extract($superglobal, EXTR_SKIP) // bazis.php register_globals implementation if(!ini_get('register_globals')),
  • 1968: $_conditions .= " AND koc_bol_az IN('" . implode("', '"$conditions['csoport']) . "') " // functions_tny.inc.phpif(!empty($conditions)),
  • 1970: $_conditions .= " AND koc_ciklus_start_dt <= '" . $conditions['datum'] . "' AND (koc_ciklus_stop_dt = '0000-00-00' OR koc_ciklus_stop_dt >= '" . $conditions['datum'] . "') " // functions_tny.inc.phpif(!empty($conditions)), if(!empty($conditions) && !is_array($conditions)),
  • 1973: $_conditions .= " AND koc_ciklus_start_dt <= '" . $conditions['datum'][1] . "' AND (koc_ciklus_stop_dt = '0000-00-00' OR koc_ciklus_stop_dt >= '" . $conditions['datum'][0] . "') " // functions_tny.inc.phpif(!empty($conditions)), elseif(!empty($conditions) && !is_array($conditions)),
  • 1980: $_conditions .= " AND " . $azonositom . " LIKE '" . $conditions['azonosito'] . "%'" // functions_tny.inc.phpif(!empty($conditions)),
  • 1985: $_conditions .= " AND tte_selejtezes_ok_az IN('" . implode("', '"$conditions['selejtok']) . "') " // functions_tny.inc.phpif(!empty($conditions)),
  • 1991: $_conditions .= " AND (tte_elkerules_d IS NULL OR tte_elkerules_d = '0000-00-00') " // functions_tny.inc.phpif(!empty($conditions)), if($conditions == 1),
  • 1995: $_conditions .= " AND tte_elkerules_d > '0000-00-00' " // functions_tny.inc.phpif(!empty($conditions)), if($conditions == 2),
  • 2002: $_conditions .= " AND koc_ciklus_start_dt <= '" . $conditions['datum'] . "' AND (koc_ciklus_stop_dt = '0000-00-00' OR koc_ciklus_stop_dt >= '" . $conditions['datum'] . "') " // functions_tny.inc.phpswitch($mode), case 'szuzsuldo' : ,
  • 2003: $_conditions .= " AND (tte_elkerules_d = '0000-00-00' || tte_elkerules_d > '" . $conditions['datum'] . "') " // functions_tny.inc.phpswitch($mode), case 'szuzsuldo' : ,
  • 2004: $_conditions .= " AND (tte_elhullas_d = '0000-00-00' || tte_elhullas_d > '" . $conditions['datum'] . "')" // functions_tny.inc.phpswitch($mode), case 'szuzsuldo' : ,
  • 2006: $_conditions .= " AND koc_ciklusszam = 0 " // functions_tny.inc.phpswitch($mode), case 'szuzsuldo' : ,
  • 2017: $_conditions .= " AND koc_az IS NOT NULL AND tte_selejtezes_d >= '" . $conditions['datum'][0] . "' AND tte_selejtezes_d <= '" . $conditions['datum'][1] . "' " // functions_tny.inc.phpswitch($mode), case 'selejt' : , if(is_array($conditions)), if(!empty($conditions) && !empty($conditions)),
  • 2024: $_conditions .= " AND koc_az IS NOT NULL AND tte_selejtezes_d = '" . $conditions['datum'] . "' " // functions_tny.inc.phpswitch($mode), case 'selejt' : , if(is_array($conditions)) else ,
  • 2032: $_conditions .= " AND koc_az IS NOT NULL AND tte_statusz = 999 AND tte_selejtezes_d > '0000-00-00' AND tte_elkerules_d >= '" . $conditions['datum'][0] . "' AND tte_elkerules_d <= '" . $conditions['datum'][1] . "' " // functions_tny.inc.phpswitch($mode), case 'selejt_elkerules' : , if(is_array($conditions)), if(!empty($conditions) && !empty($conditions)),
  • 2040: $_conditions .= " AND koc_az IS NOT NULL AND tte_selejtezes_d > '0000-00-00' AND tte_elkerules_d = '" . $conditions['datum'] . "' " // functions_tny.inc.phpswitch($mode), case 'selejt_elkerules' : , if(is_array($conditions)) else ,
  • 2046: $_conditions .= " AND koc_az IS NOT NULL AND tte_tenyesz_dt = '" . $conditions['datum'] . "' " // functions_tny.inc.phpswitch($mode), case 'beallitott' : ,
  • 2053: $_conditions .= " AND koc_az IS NOT NULL AND tte_elhullas_d >= '" . $conditions['datum'][0] . "' AND tte_elhullas_d <= '" . $conditions['datum'][1] . "' " // functions_tny.inc.phpswitch($mode), case 'elhullott' : , if(is_array($conditions)), if(!empty($conditions) && !empty($conditions)),
  • 2058: $_conditions .= " AND koc_az IS NOT NULL AND tte_elhullas_d = '" . $conditions['datum'] . "' " // functions_tny.inc.phpswitch($mode), case 'elhullott' : , if(is_array($conditions)) else ,
  • 2066: $_conditions .= " AND koc_az IS NOT NULL AND koc_elles_dt >= '" . $conditions['datum'][0] . "' AND koc_elles_dt <= '" . $conditions['datum'][1] . "' AND tte_elhullas_d > '0000-00-00' " // functions_tny.inc.phpswitch($mode), case 'elhullott_fialas' : , if(is_array($conditions)), if(!empty($conditions) && !empty($conditions)),
  • 2071: $_conditions .= " AND koc_az IS NOT NULL AND koc_elles_dt = '" . $conditions['datum'] . "' AND tte_elhullas_d > '0000-00-00' " // functions_tny.inc.phpswitch($mode), case 'elhullott_fialas' : , if(is_array($conditions)) else ,
  • 2079: $_conditions .= " AND tte_tenyesz_dt <= '" . $conditions['datum'] . "' AND koc_az IS NOT NULL " // functions_tny.inc.phpswitch($mode), case 'kocaletszam' : default : ,
  • 2081: $_conditions .= " AND ( tte_elkerules_d IS NULL OR  (tte_elkerules_d ='0000-00-00')   OR (tte_elkerules_d > '" . $conditions['datum'] . "') ) " // functions_tny.inc.phpswitch($mode),
  • 2082: $_conditions .= " AND ( tte_elhullas_d IS NULL OR   (tte_elhullas_d = '0000-00-00')   OR (tte_elhullas_d > '" . $conditions['datum'] . "') )" // functions_tny.inc.phpswitch($mode),
  • 2083: $_conditions .= " AND ( tte_selejtezes_d IS NULL OR (tte_selejtezes_d = '0000-00-00') OR (tte_selejtezes_d > '" . $conditions['datum'] . "') )" // functions_tny.inc.phpswitch($mode),
  • 2088: $_conditions .= " AND tte_ivar = 1 " // functions_tny.inc.php
  • 2103: $query = "SELECT " . $_fields . ",           COUNT(*) as x_cnt_rows         FROM io_tny_termek         JOIN io_termek ON tte_ter_az = ter_az           AND ter_del = 0           AND tte_del = 0         LEFT JOIN io_tny_koca ON koc_koca_id = tte_ter_az         LEFT JOIN io_lanc ON tte_lan_az = lan_az         WHERE " . $_conditions . "         GROUP BY tte_ter_az" // functions_tny.inc.phpif($only_count == TRUE) else ,
    • requires:
      • 1924: if(empty($_stored_data[$keyhash]) || $force === TRUE)
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

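User input reaches a sensitive sink. For more information, press the help icon on the left side. In this trace `$type` is cast with `(int)` and `$bol_az` is bound as `:koc_bol_az`, which leaves the `implode()` of `$excluded` at line 2189 as the only value that enters `$cond` unescaped.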
  • 2186: $cond = "" // functions_tny.inc.php
  • 54: $superglobals = [$_FILES, $_COOKIE, $_POST, $_GET] // bazis.php if(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.php if(!ini_get('register_globals')),
  • 59: extract($superglobal, EXTR_SKIP) // bazis.php register_globals implementation if(!ini_get('register_globals')),
  • 2189: $cond .= " AND tte_ter_az NOT IN('" . implode("', '"$excluded) . "') " // functions_tny.inc.phpif(!empty($excluded)),
  • 2193: $cond .= " AND tte_termelesi_cel = " . (int)$type . " " // functions_tny.inc.phpif(!empty($type)),
  • 2196: select $res = $pdo->select ("SELECT       bol_az,       COUNT(DISTINCT tte_ter_az) as koca_db,       SUM(tal_elo_koca+tal_elo_kan+tal_holt_kan+tal_holt_koca+tal_mum_malacok) as malac_szul,       SUM(tal_mum_malacok) as malac_mum,       SUM(tal_elo_koca+tal_elo_kan-tal_elhullas_db) as malac_valaszthato_osszes,        SUM(tal_holt_koca+tal_holt_kan) as malac_holt,       SUM(tal_holt_kan) as malac_holt_kan,       SUM(tal_holt_koca) as malac_holt_koca,        SUM(tal_elo_koca+tal_elo_kan) as malac_elve,       SUM(tal_elo_kan) as malac_elve_kan,       SUM(tal_elo_koca) as malac_elve_koca,        SUM(tal_elhullas_kan+tal_elhullas_koca) as malac_elhullas,       SUM(tal_elhullas_kan) as malac_elhullas_kan,       SUM(tal_elhullas_koca) as malac_elhullas_koca,        SUM(tal_dajka_kan+tal_dajka_koca) as malac_dajka,       SUM(tal_dajka_kan) as malac_dajka_kan,       SUM(tal_dajka_koca) as malac_dajka_koca,        SUM(tal_val_koca+tal_val_kan) as malac_valasztott,       SUM(tal_val_kan) as malac_valasztott_kan,       SUM(tal_val_koca) as malac_valasztott_koca,        SUM(tal_elo_koca+tal_elo_kan-tal_dajka_db-tal_elhullas_db-tal_val_db) as malac_valaszthato,       SUM(tal_elo_kan-tal_dajka_kan-tal_elhullas_kan-tal_val_kan) as malac_valaszthato_kan,       SUM(tal_elo_koca-tal_dajka_koca-tal_elhullas_koca-tal_val_koca) as malac_valaszthato_koca     FROM io_bolt     JOIN io_tny_koca ON koc_bol_az = bol_az     JOIN io_tny_termek ON koc_koca_id=tte_ter_az AND (tte_del = 0 OR tte_inkubator = 1)     JOIN io_termek ON tte_ter_az=ter_az AND (ter_del = 0 OR tte_inkubator = 1)     JOIN io_tny_alom ON tal_koc_az = koc_az     WHERE koc_bol_az = :koc_bol_az $cond"[':koc_bol_az'=>$bol_az]) // functions_tny.inc.php
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
Code Execution

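User input is used as a dynamic function name. Arbitrary functions may be called. Resolving the name through a fixed allow-list of handler functions before the call at line 172 closes this path.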
  • 54: $superglobals = [$_FILES, $_COOKIE, $_POST, $_GET] // bazis.php if(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.php if(!ini_get('register_globals')),
  • 59: extract($superglobal, EXTR_SKIP) // bazis.php register_globals implementation if(!ini_get('register_globals')),
  • 170: $func = $_func0 . '0' // functions_hmd.inc.phpif(is_numeric($method)) else ,
  • 172: $func $func($params) // functions_hmd.inc.php
File Manipulation

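User input reaches a sensitive sink. For more information, press the help icon on the left side. (Blind exploitation) In this trace `$nyelv` is the result of `array_intersect()` against the keys of the `$languages` literal from bazis.php line 604, so the file name appears to be limited to those language codes; confirm this before treating the path as attacker-controlled.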
  • 54: $superglobals = [$_FILES, $_COOKIE, $_POST, $_GET] // bazis.php if(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.php if(!ini_get('register_globals')),
  • 59: extract($superglobal, EXTR_SKIP) // bazis.php register_globals implementation if(!ini_get('register_globals')),
  • 604: $languages = ['hu'=>'Magyar''en'=>'English''de'=>'Deutsch''sk'=>'Slovenčina''es'=>'Español''nl'=>'Dutch''it'=>'Italiano''hr'=>'Hrvatski''ru'=>'Ру́сский язы́к''ar'=>'اَلْعَرَبِيَّةُ‎'] // bazis.php
  • 31: $nyelvek = array_intersect($nyelvekarray_keys($languages)) // genCimkek.phpif(!isset($languages)) else else ,
  • 48: foreach($nyelvek as $nyelv) // genCimkek.php
  • 67: $tempnam = __DIR__ . '/../translations/' . $nyelv . '.tmp.php' // genCimkek.php
  • 69: $fp = fopen($tempnam'wb') // genCimkek.php
  • 75: fwrite fwrite($fp"<?php\n") // genCimkek.php
    • requires:
      • 55: if($funkcio == '')
      • 58: if(!empty($_POST['nyelvfrissites']))
      • 65: if($success)
      • 74: if(!$fp) else 
File Manipulation

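User input reaches a sensitive sink. For more information, press the help icon on the left side. (Blind exploitation) The value written at line 85 that is not constrained is `$label`: it comes from the decoded JSON response (line 66) and is emitted as a bare PHP constant name, while only `$translation` passes through `var_export()`. Checking `$label` against an identifier pattern before writing keeps the generated file well-formed.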
  • 54: $superglobals = [$_FILES, $_COOKIE, $_POST, $_GET] // bazis.php if(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.php if(!ini_get('register_globals')),
  • 59: extract($superglobal, EXTR_SKIP) // bazis.php register_globals implementation if(!ini_get('register_globals')),
  • 604: $languages = ['hu'=>'Magyar''en'=>'English''de'=>'Deutsch''sk'=>'Slovenčina''es'=>'Español''nl'=>'Dutch''it'=>'Italiano''hr'=>'Hrvatski''ru'=>'Ру́сский язы́к''ar'=>'اَلْعَرَبِيَّةُ‎'] // bazis.php
  • 31: $nyelvek = array_intersect($nyelvekarray_keys($languages)) // genCimkek.phpif(!isset($languages)) else else ,
  • 48: foreach($nyelvek as $nyelv) // genCimkek.php
  • 67: $tempnam = __DIR__ . '/../translations/' . $nyelv . '.tmp.php' // genCimkek.php
  • 69: $fp = fopen($tempnam'wb') // genCimkek.php
  • 66: $json = json_decode($response->getbody()->getcontents()TRUE) // genCimkek.php
  • 77: foreach($json as $label=>$translation) // genCimkek.php
  • 85: fwrite fwrite($fp'const ' . $label . ' = ' . var_export($translationTRUE) . ";\n") // genCimkek.php
    • requires:
      • 55: if($funkcio == '')
      • 58: if(!empty($_POST['nyelvfrissites']))
      • 65: if($success)
      • 74: if(!$fp) else 
File Disclosure

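User input reaches a sensitive sink. For more information, press the help icon on the left side. The flagged sink at line 88 is `fflush($fp)` on a handle opened with mode 'wb', so this looks like a categorisation artefact of the scanner rather than a read of file contents; triage it together with the File Manipulation findings on the same trace.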
  • 54: $superglobals = [$_FILES, $_COOKIE, $_POST, $_GET] // bazis.php if(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.php if(!ini_get('register_globals')),
  • 59: extract($superglobal, EXTR_SKIP) // bazis.php register_globals implementation if(!ini_get('register_globals')),
  • 604: $languages = ['hu'=>'Magyar''en'=>'English''de'=>'Deutsch''sk'=>'Slovenčina''es'=>'Español''nl'=>'Dutch''it'=>'Italiano''hr'=>'Hrvatski''ru'=>'Ру́сский язы́к''ar'=>'اَلْعَرَبِيَّةُ‎'] // bazis.php
  • 31: $nyelvek = array_intersect($nyelvekarray_keys($languages)) // genCimkek.phpif(!isset($languages)) else else ,
  • 48: foreach($nyelvek as $nyelv) // genCimkek.php
  • 67: $tempnam = __DIR__ . '/../translations/' . $nyelv . '.tmp.php' // genCimkek.php
  • 69: $fp = fopen($tempnam'wb') // genCimkek.php
  • 88: fflush $success = fflush($fp) && fclose($fp) && rename($tempnam__DIR__ . '/../translations/' . $nyelv . '.php') // genCimkek.php
    • requires:
      • 55: if($funkcio == '')
      • 58: if(!empty($_POST['nyelvfrissites']))
      • 65: if($success)
      • 74: if(!$fp) else 
File Manipulation

User input reaches a sensitive sink. For more information, press the help icon on the left side.
  • 54: $superglobals = [$_FILES, $_COOKIE, $_POST, $_GET] // bazis.php if(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.php if(!ini_get('register_globals')),
  • 59: extract($superglobal, EXTR_SKIP) // bazis.php register_globals implementation if(!ini_get('register_globals')),
  • 604: $languages = ['hu'=>'Magyar''en'=>'English''de'=>'Deutsch''sk'=>'Slovenčina''es'=>'Español''nl'=>'Dutch''it'=>'Italiano''hr'=>'Hrvatski''ru'=>'Ру́сский язы́к''ar'=>'اَلْعَرَبِيَّةُ‎'] // bazis.php
  • 31: $nyelvek = array_intersect($nyelvekarray_keys($languages)) // genCimkek.phpif(!isset($languages)) else else ,
  • 48: foreach($nyelvek as $nyelv) // genCimkek.php
  • 67: $tempnam = __DIR__ . '/../translations/' . $nyelv . '.tmp.php' // genCimkek.php
  • 88: rename $success = fflush($fp) && fclose($fp) && rename($tempnam__DIR__ . '/../translations/' . $nyelv . '.php') // genCimkek.php
    • requires:
      • 55: if($funkcio == '')
      • 58: if(!empty($_POST['nyelvfrissites']))
      • 65: if($success)
      • 74: if(!$fp) else 
Cross-Site Scripting

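User input reaches a sensitive sink. For more information, press the help icon on the left side. The only request-derived value in this trace is `$sel_lang`, which becomes SITE_LANGUAGE and is passed as the display locale to `Locale::getdisplayname()`. Whether the rendered name can carry markup depends on the check at bazis.php line 624 and on escaping inside `$renderer->render()`, neither of which is shown here.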
  • 604: $languages = ['hu'=>'Magyar''en'=>'English''de'=>'Deutsch''sk'=>'Slovenčina''es'=>'Español''nl'=>'Dutch''it'=>'Italiano''hr'=>'Hrvatski''ru'=>'Ру́сский язы́к''ar'=>'اَلْعَرَبِيَّةُ‎'] // bazis.php
  • 121: foreach($languages as $language=>$language_name)
  • 123: $language_own_name = Locale::getdisplayname($language$language)
  • 621: $def_lang = get_sys_var ('site_language_default') // bazis.php
  • 630: $_lang = $def_lang // bazis.phpelseif(isset($_SESSION) && isset($languages)) else ,
  • 54: $superglobals = [$_FILES, $_COOKIE, $_POST, $_GET] // bazis.php if(!ini_get('register_globals')),
  • 58: foreach($superglobals as $superglobal) // bazis.php if(!ini_get('register_globals')),
  • 59: extract($superglobal, EXTR_SKIP) // bazis.php register_globals implementation if(!ini_get('register_globals')),
  • 624: $_SESSION['language'] = $_lang = $sel_lang // bazis.phpif(isset($sel_lang) && isset($languages)),
  • 627: $_lang = $_SESSION['language'] // bazis.phpelseif(isset($_SESSION) && isset($languages)),
  • 633: define('SITE_LANGUAGE'$_lang) // bazis.php define()
  • 122: $language_name = Locale::getdisplayname($languageSITE_LANGUAGE)
  • 125: $table['rows'][] = ['columns'=>[['data'=>$language_own_name . (' (' . $language_name . ')' : '')'attributes'=>['class'=>'tabla_cella']]['data'=>[$form->open('nyelvfrissites_' . $language)$form->submit('nyelvfrissites'$language
  • 182: echo echo $renderer->render('table'$table)

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/beallitasok.php

SQL Injection

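User input reaches a sensitive sink. For more information, press the help icon on the left side. The sink is the query built at line 2676, where `$bol_az` and `$rdatum` are concatenated between single quotes. The only source the scanner names is the uninitialised `$gyarapodas`; assigning it a starting value before the `+=` at line 738 removes that source.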
  • 1401: $ret[$_bol][$_tka]['osszes'] = 0 // functions_2.inc.phpif(!empty($res)), if(!isset($ret)),
  • 1376: $ret = [] // functions_2.inc.php
  • 937: $ret = 0 // functions_2.inc.phpif(empty($storedret)),
  • 878: $ret = 0 // functions_2.inc.phpif(empty($storedret)),
  • 842: $ret = round(array_wavg_key ($tapok_arak'onkoltseg''mennyiseg'TRUE)3) // functions_2.inc.phpif(empty($storedret)),
  • 0: $gyarapodas is not initialized and http://php.net/register_globals is enabled
  • 738: $gyarapodas += division (multiplication ($nap$_prev_sor['ttr_napi_gyarapodas'])1000) // functions_2.inc.phpif(empty($storedret)), if($nap > 0),
  • 741: $ret = round($gyarapodas3) // functions_2.inc.phpif(empty($storedret)),
  • 686: $res_ttr = $pdo->select ('SELECT *         FROM io_testtomegtabla_reszletei         WHERE ttr_tth_az = :ttr_tth_az         ORDER BY ttr_napig'[':ttr_tth_az'=>(int)$tth_az]) // if(empty($storedret)), functions_2.inc.php, trace stopped
  • 694: foreach($res_ttr as $row_ttr) // functions_2.inc.phpif(empty($storedret)), if(!empty($res_ttr)),
  • 696: $ret[$row_ttr'ttr_napig'] = $row_ttr // functions_2.inc.phpif(empty($storedret)), if(!empty($res_ttr)), if(!empty($row_ttr)),
  • 54: $ret = $pdo->select ("SELECT   MIN(alb_dt) as min_alb_dt,    MAX(alb_dt) as max_alb_dt  FROM io_allomany_bolt   JOIN io_bolt ON alb_bol_az=bol_az  JOIN io_vevo ON bol_vev_az=vev_az   JOIN io_regio ON vev_reg_az=reg_az  JOIN io_lanc ON reg_lan_az=lan_az   WHERE bol_del = 0 AND reg_del = 0 AND lan_del = 0 $cond ") // functions_tksg.inc.php, trace stopped
  • 789: $ret += division (multiplication ($nap$_prev_sor['ttr_tap_per_nap'])1000) // functions_2.inc.phpif(empty($storedret)), if($nap > 0), if($fazis === FALSE || $_prev_sor == $fazis),
  • 793: $ret = round($ret3) // functions_2.inc.phpif(empty($storedret)),
  • 890: $ret += tlp_get_tapfogyasztas_2_nap ($max$tth_az$entity->getvalue ('ter_tap_fazis')) // functions_2.inc.phpif(empty($storedret)), if($entity->getid() > 0),
  • 949: $ret += multiplication (division (multiplication ($nap$sor['ttr_tap_per_nap'])1000)$tap_ar) // functions_2.inc.phpif(empty($storedret)), if($nap > 0 && $nap <= $n),
  • 953: $ret += multiplication (division (multiplication ($n$sor['ttr_tap_per_nap'])1000)$tap_ar) // functions_2.inc.phpif(empty($storedret)), elseif($nap > 0 && $nap >= $n),
  • 961: $ret += multiplication (division (multiplication ($nap$_prev_sor['ttr_tap_per_nap'])1000)$tap_ar) // functions_2.inc.phpif(empty($storedret)), if($nap > 0),
  • 964: $ret = round($ret3) // functions_2.inc.phpif(empty($storedret)),
  • 1412: $ret[$_bol][$_tka]['osszes'] += $row['rnd_kiszallitott'] // functions_2.inc.phpif(!empty($res)), if($_tka == 'malac'),
  • 1417: $ret[$_bol][$_tka]['osszes'] += $row['rnd_kiszallitott'] // functions_2.inc.phpif(!empty($res)), elseif($_tka == 'hulla'),
  • 1425: $ret[$_bol][$_tka]['osszes'] += $row['rnd_kiszallitott'] // functions_2.inc.phpif(!empty($res)), elseif($_tka == 'elosertes'),
  • 1434: $ret[$_bol][$_tka]['osszes'] += $row['rnd_kiszallitott'] // functions_2.inc.phpif(!empty($res)), elseif($_tka == 'elosertes') else ,
  • 1439: foreach($ret as $bol_az=>$bol_data) // functions_2.inc.phpif(!empty($res)),
  • 2676: $sql = "SELECT SUM(hmi_db) as sum_hmi_db,    SUM(hmi_szazalek*hmi_kg) as sulyozott_szazalek,    SUM(hmi_kg) as sulyozas,    IF( SUM(hmi_kg), SUM(hmi_szazalek*hmi_kg)/SUM(hmi_kg), 0) as wavg_hmi_szazalek,    GROUP_CONCAT(DISTINCT hmi_tka_group SEPARATOR ',') as x_hmi_tka_group    FROM io_husminoseg  JOIN io_rendeles ON hmi_tka_group=ren_telep_tka_group AND ren_del=0 AND ren_bol_az='" . $bol_az . "'    WHERE ren_bol_az='" . $bol_az . "' AND hmi_kg<>0 AND hmi_szazalek<>0 " . (" AND ren_szallitas<='" . $rdatum . "' " : "") // functions_2.inc.php
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

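User input reaches a sensitive sink. For more information, press the help icon on the left side. This trace repeats the data flow of the preceding finding but ends at line 1439 without listing a query, so the sink is not identifiable from this output alone.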
  • 1401: $ret[$_bol][$_tka]['osszes'] = 0 // functions_2.inc.phpif(!empty($res)), if(!isset($ret)),
  • 1376: $ret = [] // functions_2.inc.php
  • 937: $ret = 0 // functions_2.inc.phpif(empty($storedret)),
  • 878: $ret = 0 // functions_2.inc.phpif(empty($storedret)),
  • 842: $ret = round(array_wavg_key ($tapok_arak'onkoltseg''mennyiseg'TRUE)3) // functions_2.inc.phpif(empty($storedret)),
  • 0: $gyarapodas is not initialized and http://php.net/register_globals is enabled
  • 738: $gyarapodas += division (multiplication ($nap$_prev_sor['ttr_napi_gyarapodas'])1000) // functions_2.inc.phpif(empty($storedret)), if($nap > 0),
  • 741: $ret = round($gyarapodas3) // functions_2.inc.phpif(empty($storedret)),
  • 686: $res_ttr = $pdo->select ('SELECT *         FROM io_testtomegtabla_reszletei         WHERE ttr_tth_az = :ttr_tth_az         ORDER BY ttr_napig'[':ttr_tth_az'=>(int)$tth_az]) // if(empty($storedret)), functions_2.inc.php, trace stopped
  • 694: foreach($res_ttr as $row_ttr) // functions_2.inc.phpif(empty($storedret)), if(!empty($res_ttr)),
  • 696: $ret[$row_ttr'ttr_napig'] = $row_ttr // functions_2.inc.phpif(empty($storedret)), if(!empty($res_ttr)), if(!empty($row_ttr)),
  • 54: $ret = $pdo->select ("SELECT   MIN(alb_dt) as min_alb_dt,    MAX(alb_dt) as max_alb_dt  FROM io_allomany_bolt   JOIN io_bolt ON alb_bol_az=bol_az  JOIN io_vevo ON bol_vev_az=vev_az   JOIN io_regio ON vev_reg_az=reg_az  JOIN io_lanc ON reg_lan_az=lan_az   WHERE bol_del = 0 AND reg_del = 0 AND lan_del = 0 $cond ") // functions_tksg.inc.php, trace stopped
  • 789: $ret += division (multiplication ($nap$_prev_sor['ttr_tap_per_nap'])1000) // functions_2.inc.phpif(empty($storedret)), if($nap > 0), if($fazis === FALSE || $_prev_sor == $fazis),
  • 793: $ret = round($ret3) // functions_2.inc.phpif(empty($storedret)),
  • 890: $ret += tlp_get_tapfogyasztas_2_nap ($max$tth_az$entity->getvalue ('ter_tap_fazis')) // functions_2.inc.phpif(empty($storedret)), if($entity->getid() > 0),
  • 949: $ret += multiplication (division (multiplication ($nap$sor['ttr_tap_per_nap'])1000)$tap_ar) // functions_2.inc.phpif(empty($storedret)), if($nap > 0 && $nap <= $n),
  • 953: $ret += multiplication (division (multiplication ($n$sor['ttr_tap_per_nap'])1000)$tap_ar) // functions_2.inc.phpif(empty($storedret)), elseif($nap > 0 && $nap >= $n),
  • 961: $ret += multiplication (division (multiplication ($nap$_prev_sor['ttr_tap_per_nap'])1000)$tap_ar) // functions_2.inc.phpif(empty($storedret)), if($nap > 0),
  • 964: $ret = round($ret3) // functions_2.inc.phpif(empty($storedret)),
  • 1412: $ret[$_bol][$_tka]['osszes'] += $row['rnd_kiszallitott'] // functions_2.inc.phpif(!empty($res)), if($_tka == 'malac'),
  • 1417: $ret[$_bol][$_tka]['osszes'] += $row['rnd_kiszallitott'] // functions_2.inc.phpif(!empty($res)), elseif($_tka == 'hulla'),
  • 1425: $ret[$_bol][$_tka]['osszes'] += $row['rnd_kiszallitott'] // functions_2.inc.phpif(!empty($res)), elseif($_tka == 'elosertes'),
  • 1434: $ret[$_bol][$_tka]['osszes'] += $row['rnd_kiszallitott'] // functions_2.inc.phpif(!empty($res)), elseif($_tka == 'elosertes') else ,
  • 1439: foreach($ret as $bol_az=>$bol_data) // functions_2.inc.phpif(!empty($res)),
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

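User input reaches a sensitive sink. For more information, press the help icon on the left side. The scanner names the uninitialised `$dt` as the source; it is interpolated directly into the query at functions_3.inc.php line 276 together with `$bol_az`. Validating `$dt` as a date and binding both values as parameters removes the sink.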
  • 0: $dt is not initialized and http://php.net/register_globals is enabled
  • 1401: $ret[$_bol][$_tka]['osszes'] = 0 // functions_2.inc.phpif(!empty($res)), if(!isset($ret)),
  • 1378: $res = $pdo->select ("SELECT *     FROM io_rendeles     JOIN io_rendeles_reszletei ON ren_az = rnd_ren_az AND ren_del = 0 AND rnd_kiszallitott > 0     JOIN io_termek ON rnd_ter_az = ter_az     JOIN io_termekkategoria ON ter_tka_az = tka_az AND tka_telep = 1 AND tka_csop_name IN ('malac','elosertes','hulla')     JOIN io_bolt ON ren_bol_az = bol_az AND bol_del = 0     JOIN io_vevo ON vev_az = bol_vev_az AND vev_del = 0     JOIN io_regio ON reg_az = vev_reg_az AND reg_del = 0     JOIN io_lanc ON lan_az = reg_lan_az AND lan_del = 0     WHERE lan_telep = 1 AND ren_del = 0 $cond     ORDER BY ren_szallitas") // functions_2.inc.php, trace stopped
  • 1391: foreach($res as $row) // functions_2.inc.phpif(!empty($res)),
  • 1256: $res = $pdo->select ($_sql) // functions_2.inc.php, trace stopped
  • 1259: foreach($res as $row) // functions_2.inc.phpif(!empty($res)),
  • 1189: $res = $pdo->select ("SELECT tsg_lag_az, tsg_ev, tsg_honap,       SUM(tsg_osszeg) as tsg_osszeg  FROM io_telepi_koltseg  WHERE 1 $cond  GROUP BY tsg_ev, tsg_honap  ORDER BY tsg_ev, tsg_honap") // functions_2.inc.php, trace stopped
  • 1197: foreach($res as $row) // functions_2.inc.phpif(!empty($res)),
  • 617: $res = $pdo->select ($sql[':trr_nevelo_rnd_az'=>$nevelo_rnd_az]) // functions_2.inc.php, trace stopped
  • 622: $row = reset($res) // functions_2.inc.phpif(!empty($res)),
  • 533: $res = $pdo->select ($sql[':trr_kel_az'=>$kel_az':trr_bol_az'=>$bol_az':trr_dt_be'=>$dt]) // functions_2.inc.php, trace stopped
  • 540: $row = reset($res) // functions_2.inc.phpif(!empty($res)),
  • 93: $res = $pdo->select ('SELECT *   FROM io_gyogyszer_alkategoria   WHERE gak_del = 0   ORDER BY gak_az') // functions_2.inc.php, trace stopped
  • 97: foreach($res as $row) // functions_2.inc.php
  • 423: $row = $res->fetch(PDO::FETCH_ASSOC)){ // functions_tksg.inc.phpif(empty($_stored_data)), if($res->rowcount()),
  • 362: $row = $pdo->select ($sql) // if(empty($_stored_data)), if($from_Y > 0) else , functions_tksg.inc.php, trace stopped
  • 363: $row = reset($row) // functions_tksg.inc.phpif(empty($_stored_data)), if($from_Y > 0) else ,
  • 1412: $ret[$_bol][$_tka]['osszes'] += $row['rnd_kiszallitott'] // functions_2.inc.phpif(!empty($res)), if($_tka == 'malac'),
  • 1376: $ret = [] // functions_2.inc.php
  • 949: $ret += multiplication (division (multiplication ($nap$sor['ttr_tap_per_nap'])1000)$tap_ar) // functions_2.inc.phpif(empty($storedret)), if($nap > 0 && $nap <= $n),
  • 953: $ret += multiplication (division (multiplication ($n$sor['ttr_tap_per_nap'])1000)$tap_ar) // functions_2.inc.phpif(empty($storedret)), elseif($nap > 0 && $nap >= $n),
  • 961: $ret += multiplication (division (multiplication ($nap$_prev_sor['ttr_tap_per_nap'])1000)$tap_ar) // functions_2.inc.phpif(empty($storedret)), if($nap > 0),
  • 964: $ret = round($ret3) // functions_2.inc.phpif(empty($storedret)),
  • 1417: $ret[$_bol][$_tka]['osszes'] += $row['rnd_kiszallitott'] // functions_2.inc.phpif(!empty($res)), elseif($_tka == 'hulla'),
  • 1425: $ret[$_bol][$_tka]['osszes'] += $row['rnd_kiszallitott'] // functions_2.inc.phpif(!empty($res)), elseif($_tka == 'elosertes'),
  • 1434: $ret[$_bol][$_tka]['osszes'] += $row['rnd_kiszallitott'] // functions_2.inc.phpif(!empty($res)), elseif($_tka == 'elosertes') else ,
  • 1439: foreach($ret as $bol_az=>$bol_data) // functions_2.inc.phpif(!empty($res)),
  • 276: $sql = "SELECT *,  IF(tka_csop_name IN ('hulla','elosertes'),-1,1) as num_direction,  SUM(rnd_mennyiseg*rnd_tomeg) as x_tomeg,  SUM(rnd_kiszallitott) as x_mennyiseg,  SUM(rnd_kiszallitott*rnd_tomeg*rnd_onkoltseg) as x_onkoltseg  FROM io_rendeles_reszletei  JOIN io_rendeles ON ren_az=rnd_ren_az AND ren_telep_tka_az>0 AND ren_del=0  JOIN io_bolt ON bol_az=ren_bol_az AND bol_del=0  JOIN io_vevo ON vev_az=bol_vev_az AND vev_del=0  JOIN io_regio ON reg_az=vev_reg_az AND reg_del=0  JOIN io_lanc ON lan_az=reg_lan_az AND lan_del=0  JOIN io_termekkategoria ON ren_telep_tka_az=tka_az  LEFT JOIN io_termek ON rnd_ter_az=ter_az AND ter_del=0  WHERE ren_telep_tka_az>0 AND ren_del=0 AND tka_csop_name IN ('malac','tenyesz','hulla','elosertes')  AND ren_szallitas<='" . rdatum_datumbol ($dt) . "'  AND bol_az='" . $bol_az . "'  AND reg_rot_datum_indulas<='$dt' AND (reg_rot_datum_befejezes>='$dt' OR reg_rot_datum_befejezes='0000-00-00')  GROUP BY ren_bol_az, rnd_az  ORDER BY ren_telep_tka_az, ren_szallitas, ren_az" // functions_3.inc.php
    • requires:
      • 275: if(empty($storedret[$storedkey]))
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
SQL Injection

User input reaches a sensitive sink. For more information, press the help icon on the left side. (Blind exploitation)
  • 3002: $row = $res->fetch(PDO::FETCH_ASSOC)){ // functions_2.inc.phpif($res->rowcount()),
  • 2937: $row = $res->fetch(PDO::FETCH_ASSOC)){ // functions_2.inc.phpif($res->rowcount()),
  • 2872: $row = $res->fetch(PDO::FETCH_ASSOC)){ // functions_2.inc.phpif($res->rowcount()),
  • 2757: $res = $pdo->select ("SELECT * FROM io_majminoseg  JOIN io_majkategoria ON mam_mka_az=mka_az  JOIN io_rendeles ON ren_telep_tka_group=mam_tka_group AND ren_del=0 AND ren_bol_az='" . $bol_az . "'  WHERE ren_bol_az='" . $bol_az . "'  ORDER BY mka_nev") // functions_2.inc.php, trace stopped
  • 2764: foreach($res as $row) // functions_2.inc.phpif(!empty($res)),
  • 2744: $res = $pdo->select ($sql_tka_hmr) // functions_2.inc.php, trace stopped
  • 2746: foreach($res as $row) // functions_2.inc.php
  • 2717: $res = $pdo->select ("SELECT ren_telep_tka_group,       SUM(rnd_mennyiseg) as x_rnd_mennyiseg     FROM io_rendeles_reszletei     JOIN io_rendeles ON rnd_ren_az=ren_az AND ren_del=0 AND ren_telep_tka_az=8     WHERE ren_bol_az = '" . $bol_az . "' AND ren_telep_tka_group IN ('" . implode("','"$arr_hmi_tka_groups) . "')" . (" AND ren_szallitas<='" . $rdatum . "' " : "") . " GROUP BY ren_telep_tka_group") // functions_2.inc.php, trace stopped
  • 2725: foreach($res as $row) // functions_2.inc.php
  • 2704: $res = $pdo->select ("SELECT hmi_tka_group,       COUNT(DISTINCT hmr_az) as x_hmi_db     FROM io_husminoseg_reszlet     JOIN io_husminoseg ON hmi_hmd_az=hmr_hmd_az     WHERE hmi_tka_group IN ('" . implode("','"$arr_hmi_tka_groups) . "')     GROUP BY hmi_tka_group") // functions_2.inc.php, trace stopped
  • 2710: foreach($res as $row) // functions_2.inc.php
  • 2685: $res = $pdo->select ($sql) // functions_2.inc.php, trace stopped
  • 2688: $row = reset($res) // functions_2.inc.phpif(!empty($res)),
  • 2646: $row = $res->fetch(PDO::FETCH_ASSOC)){ // functions_2.inc.phpif(defset('MOD_TOJAS', FALSE) === TRUE), if($res->rowcount()),
  • 2480: $row = $res->fetch(PDO::FETCH_ASSOC)){ // functions_2.inc.phpif($res->rowcount()),
  • 2311: $row = $res->fetch(PDO::FETCH_ASSOC)){ // functions_2.inc.phpif($res->rowcount()),
  • 2173: $row = $res->fetch(PDO::FETCH_ASSOC)){ // functions_2.inc.phpif($res->rowcount()),
  • 1872: $row = $res->fetch(PDO::FETCH_ASSOC)){ // functions_2.inc.phpif($res->rowcount()),
  • 1492: $res = $pdo->select ($_sql) // functions_2.inc.php, trace stopped
  • 1495: foreach($res as $row) // functions_2.inc.phpif(!empty($res)),
  • 1378: $res = $pdo->select ("SELECT *     FROM io_rendeles     JOIN io_rendeles_reszletei ON ren_az = rnd_ren_az AND ren_del = 0 AND rnd_kiszallitott > 0     JOIN io_termek ON rnd_ter_az = ter_az     JOIN io_termekkategoria ON ter_tka_az = tka_az AND tka_telep = 1 AND tka_csop_name IN ('malac','elosertes','hulla')     JOIN io_bolt ON ren_bol_az = bol_az AND bol_del = 0     JOIN io_vevo ON vev_az = bol_vev_az AND vev_del = 0     JOIN io_regio ON reg_az = vev_reg_az AND reg_del = 0     JOIN io_lanc ON lan_az = reg_lan_az AND lan_del = 0     WHERE lan_telep = 1 AND ren_del = 0 $cond     ORDER BY ren_szallitas") // functions_2.inc.php, trace stopped
  • 1391: foreach($res as $row) // functions_2.inc.phpif(!empty($res)),
  • 1256: $res = $pdo->select ($_sql) // functions_2.inc.php, trace stopped
  • 1259: foreach($res as $row) // functions_2.inc.phpif(!empty($res)),
  • 1189: $res = $pdo->select ("SELECT tsg_lag_az, tsg_ev, tsg_honap,       SUM(tsg_osszeg) as tsg_osszeg  FROM io_telepi_koltseg  WHERE 1 $cond  GROUP BY tsg_ev, tsg_honap  ORDER BY tsg_ev, tsg_honap") // functions_2.inc.php, trace stopped
  • 1197: foreach($res as $row) // functions_2.inc.phpif(!empty($res)),
  • 617: $res = $pdo->select ($sql[':trr_nevelo_rnd_az'=>$nevelo_rnd_az]) // functions_2.inc.php, trace stopped
  • 622: $row = reset($res) // functions_2.inc.phpif(!empty($res)),
  • 3004: $lan_az = $row['lan_az'] // functions_2.inc.phpif($res->rowcount()), if(empty($lan_az)),
  • 0: $dt is not initialized and http://php.net/register_globals is enabled
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php
Code Execution

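User input is used as a dynamic function name, so arbitrary functions may be called. The source in this trace is an uninitialized variable, which is attacker-controlled only if request variables are imported into global scope; if the path is reachable, resolve the name against a fixed allow-list of callables before invoking it.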
  • 0: $_func0 is not initialized and http://php.net/register_globals is enabled
  • 170: $func = $_func0 . '0' // functions_hmd.inc.phpif(is_numeric($method)) else ,
  • 172: $func $func($params) // functions_hmd.inc.php
File Disclosure

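User input reaches a sensitive sink. The tainted value is `$_FILES['custom_logo']['tmp_name']`, which PHP normally sets to the server-side temporary path of the upload rather than taking it from the client, so this is likely a false positive; confirm the path with is_uploaded_file() before reading it, and note that the extension check at line 320 by itself says nothing about the file's content.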
  • 322: file_get_contents $logo_content = file_get_contents($_FILES['custom_logo']['tmp_name'])
    • requires:
      • 40: if(isset($mentes))
      • 234: if($superadmin)
      • 307: if(!empty($_FILES['custom_logo']) && !empty($_FILES['custom_logo']['tmp_name']))
      • 320: if(!in_array($file_extension$allowed_image_extension)) else 

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/termekcsoportok.php

Cross-Site Scripting

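User input reaches a sensitive sink. `$tcs_nev` is printed inside a double-quoted HTML attribute without encoding, so it should pass through htmlspecialchars() with ENT_QUOTES first. The source is an uninitialized variable, so the finding holds only if request variables are imported into global scope (register_globals itself was removed in PHP 5.4; look for an emulation such as extract() on request data).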
  • 0: $tcs_nev is not initialized and http://php.net/register_globals is enabled
  • 372: print print " value=\"$tcs_nev\""
    • requires:
      • 364: if($funkcio == "felvitel")
      • 371: if(isset($tcs_nev))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $tcs_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 379: print print $tcs_megjegyzes
    • requires:
      • 364: if($funkcio == "felvitel")
      • 378: if(isset($tcs_megjegyzes))

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/gyarto.php

Cross-Site Scripting

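User input reaches a sensitive sink. `$_REQUEST['prg']` and `$_REQUEST['alp']` are concatenated into a URL inside a JavaScript string inside an `onclick` attribute; HTML-encoding alone is not enough in that nested context, so URL-encode each value with rawurlencode() (or restrict it to an allow-list of known module names) before building the handler.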
  • 268: $table_head['rows'][2]['columns'][] = ['data'=>$form->button('mehet'__MEHET['class'=>'btn_save_2_img gkh_save']) . '&nbsp;&nbsp;' . $form->button('vissza1'__VISSZA['class'=>'btn_back_2_img''other'=>'onclick="location.href=\'index.php?prg=' . $_REQUEST['prg'] . '&alp=' . $_REQUEST['alp'] . '&funkcio=bolt"'])'attributes'=>
  • 513: print print Animal::getrender()->render('table'$table_head)
    • requires:
      • 25: if(isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest')
      • 132: elseif($_REQUEST['do'] == "gkh_load")

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/felhasznalok.php

Cross-Site Scripting

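User input reaches a sensitive sink. `$_REQUEST['fel_az']` is only passed as an argument to jogszint(), and what is printed is the JSON-encoded result; whether this is exploitable depends on what jogszint() returns and on the response Content-Type, neither of which the trace shows. Verify that the response is served as application/json.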
  • 44: $res = $pdo->select ("SELECT *         FROM io_jog         WHERE 1         ORDER BY jog_az") // if(jogszint($fel_az, 'admin', 'users') == 2), , trace stopped
  • 50: foreach($res as $row) // if(jogszint($fel_az, 'admin', 'users') == 2), if(!empty($res)),
  • 51: $output['jog_kapcsolo'][$row'jog_az'] = jogszint ($_REQUEST['fel_az']$row['jog_prg']$row['jog_alp']) // if(jogszint($fel_az, 'admin', 'users') == 2), if(!empty($res)),
  • 56: print print mi_json_encode ($output)
    • requires:
      • 24: if(isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest')
      • 34: if($_REQUEST['do'] == 'jog_masolas')
SQL Injection

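User input reaches a sensitive sink. `$kazon` is concatenated into the query twice, once unquoted after `fel_az =`; if it is request-controlled, cast it to an integer or pass it as a bound parameter, as other `$pdo->select` calls in this report do with `:name` placeholders. The source is an uninitialized variable, so reachability depends on request variables being imported into global scope.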
  • 0: $kazon is not initialized and http://php.net/register_globals is enabled
  • 722: $kazoninc = 'AND fel_az = ' . $kazon : ''
  • 726: $query = "SELECT *     FROM io_felhasznalo     WHERE fel_del = 0 $kazoninc AND (fel_az > 1 OR '$kazon' = 1)     ORDER BY fel_nev, fel_az"
  • 731: select $eredmeny = $pdo->select ($query)
    • requires:
      • 671: if($funkcio == '')
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $felhasznaloSzintek is not initialized and http://php.net/register_globals is enabled
  • 789: $sor = $pdo->retrieve('io_felhasznalo''*'['fel_az'=>$aktualis'fel_del'=>0]) // , trace stopped
  • 882: print print $form->select ('fel_szint'$felhasznaloSzintek(int)$sor['fel_szint']['class'=>'legordulo''style'=>'width: 130px;'])
    • requires:
      • 779: if($funkcio == 'modosit')
      • 875: if(Animal::currentuser()->record['fel_szint'] == 255)
File Inclusion

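User input reaches a sensitive sink when function getavailablepanels() is called. The traced pattern, `glob(__DIR__ . "/panels/*.php")`, contains no request data, so this is likely a false positive; the residual risk is any path that lets someone write a .php file into the panels directory, so check that directory's permissions and any upload feature that could target it.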
  • 451: foreach(glob(__DIR__ . "/panels/*.php") as $path) // DashboardController.php
  • 453: require_once require_once $path // DashboardController.php
    • requires:
      • 451:  function getavailablepanels()
      • 448:  function getavailablepanels()
SQL Injection

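User input reaches a sensitive sink. The only tainted value is the uninitialized `$cond_outer`; if line 527 sits inside a function or method, a local variable cannot be populated from the request even with register_globals, which would make this a false positive. Confirm where `$cond_outer` is assigned, and build the condition from bound parameters if any part of it comes from the request.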
  • 525: $query = 'SELECT *, IF(lan_az = "' . RAKTAR_LAN_AZ . '", 1,0) as is_raktar ' // DashboardController.php
  • 526: $query .= 'FROM io_lanc ' // DashboardController.php
  • 0: $cond_outer is not initialized and http://php.net/register_globals is enabled
  • 527: $query .= 'WHERE ((lan_telep = 1 ' . $cond_outer . ') OR lan_az = "' . RAKTAR_LAN_AZ . '") AND lan_del = 0 ' // DashboardController.php
  • 528: $query .= 'ORDER BY is_raktar, lan_nev' // DashboardController.php
  • 530: select $result = $pdo->select ($query) // DashboardController.php
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $felhasznaloSzintek is not initialized and http://php.net/register_globals is enabled
  • 1362: $value = $_POST['fel_szint']??0
  • 1363: print print $form->select ('fel_szint'$felhasznaloSzintek(int)$value['class'=>'legordulo''style'=>'width: 130px;'])
    • requires:
      • 1303: if($funkcio == 'felvitel')
      • 1359: if(Animal::currentuser()->record['fel_szint'] == 255)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 772: $mmas = munkaugy_munkalista::getworkerslist()
  • 774: foreach($mmas as $mma)
  • 775: $mmaOptions[$mma'mma_az'] = $mma['mma_nev']
  • 1381: $value = $_POST['fel_mma_az']??0
  • 1382: print print $form->select ('fel_mma_az'$mmaOptions$value['class'=>'legordulo''style'=>'width: 130px;'])
    • requires:
      • 1303: if($funkcio == 'felvitel')

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/future_litter.php

Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $tfl_gev_az_line1boar is not initialized and http://php.net/register_globals is enabled
  • 156: $values = ['tfl_gev_az_line1boar'=>$tfl_gev_az_line1boar : 0'tfl_gev_az_line2boar'=>$tfl_gev_az_line2boar : 0'tfl_gev_az_line3boar'=>$tfl_gev_az_line3boar : 0'tfl_gev_az_sow'=>$tfl_gev_az_sow : 0'tfl_tpd_az_sow'=>$tfl_tpd_az_sow : 0'tfl_gev_az_litter'=>$tfl_gev_az_litter : 0'tfl_tpd_az_litter'=>$tfl_tpd_az_litter : 0'tfl_tpd_az_litmale'=>$tfl_tpd_az_litmale : 0'tfl_tpd_az_litfemale' // if(isset($mentes)), if(empty($arr_hiba)), if(!empty($aktualis)) else ,
  • 168: $insertID = $pdo->insert ('io_tny_futlit'$values"INSERT"FALSE) // if(isset($mentes)), if(empty($arr_hiba)), if(!empty($aktualis)) else ,
  • 207: $aktualis = $insertID // if(isset($mentes)), if(empty($arr_hiba)), if(!empty($aktualis)) else , if($checkrow == $values), if(isset($ujfelvitel)) else ,
  • 584: echo echo $aktualis
    • requires:
      • 393: if($funkcio == "modosit" && !empty($aktualis))

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/dolgozok.php

Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $fel_nev is not initialized and http://php.net/register_globals is enabled
  • 243: print print " value=\"$fel_nev\""
    • requires:
      • 235: if($funkcio == "felvitel")
      • 242: if(isset($fel_nev))
Cross-Site Scripting

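User input reaches a sensitive sink. `$fel_beosztas` is printed inside a single-quoted HTML attribute, so htmlspecialchars() must be called with ENT_QUOTES here; the default flags before PHP 8.1 leave single quotes unescaped.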
  • 0: $fel_beosztas is not initialized and http://php.net/register_globals is enabled
  • 251: print print "value='" . $fel_beosztas . "'>"
    • requires:
      • 235: if($funkcio == "felvitel")
      • 250: if(isset($fel_beosztas))

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/lekerdezes_jelentesek.php

Cross-Site Scripting

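User input reaches a sensitive sink. `$_REQUEST['date_s']`, `$_REQUEST['date_e']` and `$_REQUEST['lan_az']` flow into `$filters` and from there into the rendered table; the trace does not show whether lekerdezes_jelentesek_get_table_filters() or the renderer encodes them. Validate the two dates against the YYYY-MM-DD format the defaults use, treat `lan_az` as a list of ids (presumably numeric; cast each entry), and HTML-encode on output.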
  • 17: $date_s = date('Y'strtotime('-1 year')) . '-01-01'
  • 18: $date_e = date('Y'strtotime('-1 year')) . '-12-31'
  • 20: $filters = ['date_s'=>$_REQUEST['date_s'] : $date_s'date_e'=>$_REQUEST['date_e'] : $date_e'lan_az'=>$_REQUEST['lan_az'] : []]
  • 30: $table1 = lekerdezes_jelentesek_get_table_filters($filters)
  • 31: print print $ns->render('table'$table1)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 17: $date_s = date('Y'strtotime('-1 year')) . '-01-01'
  • 18: $date_e = date('Y'strtotime('-1 year')) . '-12-31'
  • 20: $filters = ['date_s'=>$_REQUEST['date_s'] : $date_s'date_e'=>$_REQUEST['date_e'] : $date_e'lan_az'=>$_REQUEST['lan_az'] : []]
  • 49: $table = lekerdezes_jelentesek_get_table_all($filters)
  • 50: print print $ns->render('table'$table)
    • requires:
      • 34: if(!empty($_REQUEST['action']))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 17: $date_s = date('Y'strtotime('-1 year')) . '-01-01'
  • 18: $date_e = date('Y'strtotime('-1 year')) . '-12-31'
  • 20: $filters = ['date_s'=>$_REQUEST['date_s'] : $date_s'date_e'=>$_REQUEST['date_e'] : $date_e'lan_az'=>$_REQUEST['lan_az'] : []]
  • 55: $table = lekerdezes_jelentesek_get_table_sow($filters)
  • 56: print print $ns->render('table'$table)
    • requires:
      • 34: if(!empty($_REQUEST['action']))
      • 53: if(defset ('MOD_TENYESZTES'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 17: $date_s = date('Y'strtotime('-1 year')) . '-01-01'
  • 18: $date_e = date('Y'strtotime('-1 year')) . '-12-31'
  • 20: $filters = ['date_s'=>$_REQUEST['date_s'] : $date_s'date_e'=>$_REQUEST['date_e'] : $date_e'lan_az'=>$_REQUEST['lan_az'] : []]
  • 61: $table = lekerdezes_jelentesek_get_table_swine($filters)
  • 62: print print $ns->render('table'$table)
    • requires:
      • 34: if(!empty($_REQUEST['action']))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 17: $date_s = date('Y'strtotime('-1 year')) . '-01-01'
  • 18: $date_e = date('Y'strtotime('-1 year')) . '-12-31'
  • 20: $filters = ['date_s'=>$_REQUEST['date_s'] : $date_s'date_e'=>$_REQUEST['date_e'] : $date_e'lan_az'=>$_REQUEST['lan_az'] : []]
  • 66: $table = lekerdezes_jelentesek_get_table_livestock($filters)
  • 67: print print $ns->render('table'$table)
    • requires:
      • 34: if(!empty($_REQUEST['action']))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 17: $date_s = date('Y'strtotime('-1 year')) . '-01-01'
  • 18: $date_e = date('Y'strtotime('-1 year')) . '-12-31'
  • 20: $filters = ['date_s'=>$_REQUEST['date_s'] : $date_s'date_e'=>$_REQUEST['date_e'] : $date_e'lan_az'=>$_REQUEST['lan_az'] : []]
  • 72: $table = lekerdezes_jelentesek_get_table_sow_other($filters)
  • 73: print print $ns->render('table'$table)
    • requires:
      • 34: if(!empty($_REQUEST['action']))
      • 70: if(defset ('MOD_TENYESZTES'FALSE) === TRUE)

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/testtomeg_tabla.php

SQL Injection

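User input reaches a sensitive sink. `$aktualis` is copied from `$jump_aktualis` and interpolated into a quoted SQL literal at line 87; quoting without escaping does not prevent injection. Use a bound parameter, as the query at line 567 of the same file already does with `:tth_az`.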
  • 0: $jump_aktualis is not initialized and http://php.net/register_globals is enabled
  • 66: $aktualis = $jump_aktualis // if(!empty($btn_jump) && !empty($jump_aktualis)),
  • 87: select $res = $pdo->select ("SELECT *     FROM io_testtomegtabla     WHERE tth_az = '$aktualis'       AND tth_deletable = 1       AND tth_del = 0")
    • requires:
      • 86: if(isset($torles) && !empty($aktualis))
Cross-Site Scripting

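User input reaches a sensitive sink. On this path `$aktualis` is the return value of `$pdo->insert()`, presumably a database-generated id, so the traced flow from `$tth_nev` is likely a false positive. The same file also assigns `$aktualis` from `$jump_aktualis` (line 66), so the hidden field at line 718 should still cast the value to an integer or HTML-encode it.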
  • 0: $tth_nev is not initialized and http://php.net/register_globals is enabled
  • 372: $values = ['tth_nev'=>(string)($tth_nev : '')'tth_profil_az'=>(int)($tth_profil_az : 0)'tth_tipus'=>(int)($tth_tipus : 0)'tth_gen_az'=>(int)($tth_gen_az : 0)'tth_megjegyzes'=>(string)($tth_megjegyzes : '')'tth_letrehozva'=>(string)( // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)) else , if(empty($arr_hiba)),
  • 380: $aktualis = $pdo->insert ('io_testtomegtabla'$values) // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)) else , if(empty($arr_hiba)),
  • 718: print print "<input type=\"hidden\" name=\"aktualis\" value=\"" . $aktualis . "\">"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $tth_nev is not initialized and http://php.net/register_globals is enabled
  • 372: $values = ['tth_nev'=>(string)($tth_nev : '')'tth_profil_az'=>(int)($tth_profil_az : 0)'tth_tipus'=>(int)($tth_tipus : 0)'tth_gen_az'=>(int)($tth_gen_az : 0)'tth_megjegyzes'=>(string)($tth_megjegyzes : '')'tth_letrehozva'=>(string)( // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)) else , if(empty($arr_hiba)),
  • 380: $aktualis = $pdo->insert ('io_testtomegtabla'$values) // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)) else , if(empty($arr_hiba)),
  • 567: $sor = $pdo->selectfirst("SELECT *,           COUNT(DISTINCT r.reg_az) as cnt_reg         FROM io_testtomegtabla         LEFT JOIN (           SELECT *           FROM io_regio           JOIN io_lanc ON reg_lan_az=lan_az           WHERE lan_del = 0 AND reg_del = 0         ) as r ON tth_az IN (r.reg_tth_az, r.reg_tth_az_noivar)         WHERE tth_az = :tth_az AND tth_del = 0"[':tth_az'=>$aktualis])
  • 773: print print " value=\"" . $sor['tth_indulosuly'] . "\" class=\"bevitel lefut\" size=5>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
Cross-Site Scripting

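User input reaches a sensitive sink. The taint enters `$arr[$napig]['ttr_megjegyzes']` (line 293), while the sink at line 939 prints `$row['ttr_napig']`, a different key; the scanner appears to taint the whole array, so the per-field findings that follow from this same trace over-approximate. The values are still request- or database-derived, so HTML-encode each one when writing it into a `value` attribute.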
  • 900: $i = 0
  • 729: $res_ttr = $pdo->select ("SELECT *         FROM io_testtomegtabla_reszletei         WHERE ttr_tth_az = :ttr_tth_az         ORDER BY ttr_napig"[':ttr_tth_az'=>$aktualis]) // , trace stopped
  • 737: foreach($res_ttr as $row_ttr) // if(!empty($res_ttr)),
  • 738: $arr[$row_ttr'ttr_napig'] = $row_ttr // if(!empty($res_ttr)),
  • 726: $arr = []
  • 0: $a_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 293: $arr[$napig]['ttr_megjegyzes'] = (string)($a_megjegyzes[$k] : '') // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)), if(!sizeof($arr_hiba)), if(!empty($napig)),
  • 908: foreach($arr as $k=>$row)
  • 939: print print "<input type=\"text\" name=\"a_napig[$i]\"" . (" disabled" : "") . " value=\"" . $row['ttr_napig'] . "\" class=\"bevitel lefut\" size=8>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
      • 904: if(is_array($arr) && !empty($arr))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 900: $i = 0
  • 729: $res_ttr = $pdo->select ("SELECT *         FROM io_testtomegtabla_reszletei         WHERE ttr_tth_az = :ttr_tth_az         ORDER BY ttr_napig"[':ttr_tth_az'=>$aktualis]) // , trace stopped
  • 737: foreach($res_ttr as $row_ttr) // if(!empty($res_ttr)),
  • 738: $arr[$row_ttr'ttr_napig'] = $row_ttr // if(!empty($res_ttr)),
  • 726: $arr = []
  • 0: $a_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 293: $arr[$napig]['ttr_megjegyzes'] = (string)($a_megjegyzes[$k] : '') // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)), if(!sizeof($arr_hiba)), if(!empty($napig)),
  • 908: foreach($arr as $k=>$row)
  • 943: print print "<input type=\"text\" name=\"a_napi_gyarapodas[$i]\"" . (" disabled" : "") . " value=\"" . $row['ttr_napi_gyarapodas'] . "\" class=\"bevitel lefut\" size=8>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
      • 904: if(is_array($arr) && !empty($arr))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 900: $i = 0
  • 729: $res_ttr = $pdo->select ("SELECT *         FROM io_testtomegtabla_reszletei         WHERE ttr_tth_az = :ttr_tth_az         ORDER BY ttr_napig"[':ttr_tth_az'=>$aktualis]) // , trace stopped
  • 737: foreach($res_ttr as $row_ttr) // if(!empty($res_ttr)),
  • 738: $arr[$row_ttr'ttr_napig'] = $row_ttr // if(!empty($res_ttr)),
  • 726: $arr = []
  • 0: $a_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 293: $arr[$napig]['ttr_megjegyzes'] = (string)($a_megjegyzes[$k] : '') // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)), if(!sizeof($arr_hiba)), if(!empty($napig)),
  • 908: foreach($arr as $k=>$row)
  • 951: print print "<input type=\"text\" name=\"a_napi_vizfogyasztas[$i]\"" . (" disabled" : "") . " value=\"" . $row['ttr_napi_vizfogyasztas'] . "\" class=\"bevitel lefut\" size=8>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
      • 904: if(is_array($arr) && !empty($arr))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 900: $i = 0
  • 729: $res_ttr = $pdo->select ("SELECT *         FROM io_testtomegtabla_reszletei         WHERE ttr_tth_az = :ttr_tth_az         ORDER BY ttr_napig"[':ttr_tth_az'=>$aktualis]) // , trace stopped
  • 737: foreach($res_ttr as $row_ttr) // if(!empty($res_ttr)),
  • 738: $arr[$row_ttr'ttr_napig'] = $row_ttr // if(!empty($res_ttr)),
  • 726: $arr = []
  • 0: $a_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 293: $arr[$napig]['ttr_megjegyzes'] = (string)($a_megjegyzes[$k] : '') // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)), if(!sizeof($arr_hiba)), if(!empty($napig)),
  • 908: foreach($arr as $k=>$row)
  • 959: print print "<input type=\"text\" name=\"a_tap_fazis[$i]\"" . (" disabled" : "") . " value=\"" . $row['ttr_tap_fazis'] . "\" class=\"bevitel lefut\" size=8>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
      • 904: if(is_array($arr) && !empty($arr))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 900: $i = 0
  • 580: $tmp = $pdo->select ("SELECT ter_az, ter_nev         FROM io_termek         WHERE ter_del = 0           AND ter_tka_az = 10           AND (ter_lan_profil_bitmask&POW(2, :lan_profil_az)) <> 0         ORDER BY ter_nev"[':lan_profil_az'=>(int)$sor['tth_profil_az']]) // , trace stopped
  • 593: foreach($tmp as $k=>$v)
  • 594: $opt_elhullas_ter_az[$v'ter_az'] = ['data'=>$v['ter_nev']]
  • 729: $res_ttr = $pdo->select ("SELECT *         FROM io_testtomegtabla_reszletei         WHERE ttr_tth_az = :ttr_tth_az         ORDER BY ttr_napig"[':ttr_tth_az'=>$aktualis]) // , trace stopped
  • 737: foreach($res_ttr as $row_ttr) // if(!empty($res_ttr)),
  • 738: $arr[$row_ttr'ttr_napig'] = $row_ttr // if(!empty($res_ttr)),
  • 726: $arr = []
  • 0: $a_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 293: $arr[$napig]['ttr_megjegyzes'] = (string)($a_megjegyzes[$k] : '') // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)), if(!sizeof($arr_hiba)), if(!empty($napig)),
  • 908: foreach($arr as $k=>$row)
  • 975: print print $form->select ("a_elhullas_ter_az[" . $i . "]"$opt_elhullas_ter_az$row['ttr_elhullas_ter_az']["class"=>"legordulo"])
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
      • 904: if(is_array($arr) && !empty($arr))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 900: $i = 0
  • 729: $res_ttr = $pdo->select ("SELECT *         FROM io_testtomegtabla_reszletei         WHERE ttr_tth_az = :ttr_tth_az         ORDER BY ttr_napig"[':ttr_tth_az'=>$aktualis]) // , trace stopped
  • 737: foreach($res_ttr as $row_ttr) // if(!empty($res_ttr)),
  • 738: $arr[$row_ttr'ttr_napig'] = $row_ttr // if(!empty($res_ttr)),
  • 726: $arr = []
  • 0: $a_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 293: $arr[$napig]['ttr_megjegyzes'] = (string)($a_megjegyzes[$k] : '') // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)), if(!sizeof($arr_hiba)), if(!empty($napig)),
  • 908: foreach($arr as $k=>$row)
  • 979: print print "<input type=\"text\" name=\"a_elhullas_szazalek[$i]\" id=\"a_elhullas_szazalek[$i]\"" . (" disabled" : "") . " value=\"" . $row['ttr_elhullas_szazalek'] . "\" class=\"bevitel\" size=8>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
      • 904: if(is_array($arr) && !empty($arr))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 900: $i = 0
  • 729: $res_ttr = $pdo->select ("SELECT *         FROM io_testtomegtabla_reszletei         WHERE ttr_tth_az = :ttr_tth_az         ORDER BY ttr_napig"[':ttr_tth_az'=>$aktualis]) // , trace stopped
  • 737: foreach($res_ttr as $row_ttr) // if(!empty($res_ttr)),
  • 738: $arr[$row_ttr'ttr_napig'] = $row_ttr // if(!empty($res_ttr)),
  • 726: $arr = []
  • 0: $a_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 293: $arr[$napig]['ttr_megjegyzes'] = (string)($a_megjegyzes[$k] : '') // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)), if(!sizeof($arr_hiba)), if(!empty($napig)),
  • 908: foreach($arr as $k=>$row)
  • 997: print print "<input type=\"text\" sorom='" . $i . "' id='a_tojashozam_szazalek[$i]' name=\"a_tojashozam_szazalek[$i]\"" . (" disabled" : "") . " value=\"" . $row['ttr_tojashozam_szazalek'] . "\" class=\"bevitel lefut toj_db toj_tomeg_index\" size=8>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
      • 904: if(is_array($arr) && !empty($arr))
      • 982: if(defset ('MOD_TOJAS'FALSE) === TRUE && $sor['tth_tojatas'])
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 900: $i = 0
  • 729: $res_ttr = $pdo->select ("SELECT *         FROM io_testtomegtabla_reszletei         WHERE ttr_tth_az = :ttr_tth_az         ORDER BY ttr_napig"[':ttr_tth_az'=>$aktualis]) // , trace stopped
  • 737: foreach($res_ttr as $row_ttr) // if(!empty($res_ttr)),
  • 738: $arr[$row_ttr'ttr_napig'] = $row_ttr // if(!empty($res_ttr)),
  • 726: $arr = []
  • 0: $a_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 293: $arr[$napig]['ttr_megjegyzes'] = (string)($a_megjegyzes[$k] : '') // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)), if(!sizeof($arr_hiba)), if(!empty($napig)),
  • 908: foreach($arr as $k=>$row)
  • 1001: print print "<input type=\"text\" id='a_tojas_darab[$i]' name=\"a_tojas_darab[$i]\"" . (" disabled" : "") . " value=\"" . $row['ttr_tojas_darab'] . "\" class=\"bevitel lefutt\" size=8>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
      • 904: if(is_array($arr) && !empty($arr))
      • 982: if(defset ('MOD_TOJAS'FALSE) === TRUE && $sor['tth_tojatas'])
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 900: $i = 0
  • 744: $meretek_q = $pdo->select ("SELECT *           FROM io_tojasmeret_kategoriak           ORDER BY tmk_az") // if(defset('MOD_TOJAS', FALSE) === TRUE && $sor), , trace stopped
  • 748: foreach($meretek_q as $meretek) // if(defset('MOD_TOJAS', FALSE) === TRUE && $sor),
  • 751: $tojas_meretek[$meretek'tmk_az']['ig'] = $meretek['tmk_ig'] // if(defset('MOD_TOJAS', FALSE) === TRUE && $sor),
  • 750: $tojas_meretek[$meretek'tmk_az']['tol'] = $meretek['tmk_tol'] // if(defset('MOD_TOJAS', FALSE) === TRUE && $sor),
  • 749: $tojas_meretek[$meretek'tmk_az']['nev'] = $meretek['tmk_nev'] // if(defset('MOD_TOJAS', FALSE) === TRUE && $sor),
  • 1005: foreach($tojas_meretek as $tmk_k=>$tmk_v)
  • 729: $res_ttr = $pdo->select ("SELECT *         FROM io_testtomegtabla_reszletei         WHERE ttr_tth_az = :ttr_tth_az         ORDER BY ttr_napig"[':ttr_tth_az'=>$aktualis]) // , trace stopped
  • 737: foreach($res_ttr as $row_ttr) // if(!empty($res_ttr)),
  • 738: $arr[$row_ttr'ttr_napig'] = $row_ttr // if(!empty($res_ttr)),
  • 726: $arr = []
  • 0: $a_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 293: $arr[$napig]['ttr_megjegyzes'] = (string)($a_megjegyzes[$k] : '') // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)), if(!sizeof($arr_hiba)), if(!empty($napig)),
  • 908: foreach($arr as $k=>$row)
  • 1006: $ttm_adat = $pdo->selectfirst("SELECT *                   FROM io_testtomegtabla_termekenkent                   WHERE ttm_ttr_az = :ttm_ttr_az AND ttm_tmk_az = :ttm_tmk_az "[':ttm_ttr_az'=>$row['ttr_az']':ttm_tmk_az'=>$tmk_k])
  • 1015: print print "<input type='text' class='bevitel' name='a_tojas_termek[$i][$tmk_k]' value='" . $ttm_adat['ttm_tmk_szazalek'] . "' size='8'> "
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
      • 904: if(is_array($arr) && !empty($arr))
      • 982: if(defset ('MOD_TOJAS'FALSE) === TRUE && $sor['tth_tojatas'])
      • 1004: if(defset ('MOD_TOJAS'FALSE) === TRUE && $sor['tth_tojatas_termek'] && !empty($tojas_meretek))
      • 1013: if(!empty($ttm_adat))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 900: $i = 0
  • 729: $res_ttr = $pdo->select ("SELECT *         FROM io_testtomegtabla_reszletei         WHERE ttr_tth_az = :ttr_tth_az         ORDER BY ttr_napig"[':ttr_tth_az'=>$aktualis]) // , trace stopped
  • 737: foreach($res_ttr as $row_ttr) // if(!empty($res_ttr)),
  • 738: $arr[$row_ttr'ttr_napig'] = $row_ttr // if(!empty($res_ttr)),
  • 726: $arr = []
  • 0: $a_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 293: $arr[$napig]['ttr_megjegyzes'] = (string)($a_megjegyzes[$k] : '') // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)), if(!sizeof($arr_hiba)), if(!empty($napig)),
  • 908: foreach($arr as $k=>$row)
  • 1027: print print "<input type=\"text\" sorom='" . $i . "' name=\"a_tojastomeg[$i]\"" . (" disabled" : "") . " value=\"" . $row['ttr_tojastomeg'] . "\" class=\"bevitel lefut toj_tomeg_index\" size=8>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
      • 904: if(is_array($arr) && !empty($arr))
      • 982: if(defset ('MOD_TOJAS'FALSE) === TRUE && $sor['tth_tojatas'])
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 900: $i = 0
  • 729: $res_ttr = $pdo->select ("SELECT *         FROM io_testtomegtabla_reszletei         WHERE ttr_tth_az = :ttr_tth_az         ORDER BY ttr_napig"[':ttr_tth_az'=>$aktualis]) // , trace stopped
  • 737: foreach($res_ttr as $row_ttr) // if(!empty($res_ttr)),
  • 738: $arr[$row_ttr'ttr_napig'] = $row_ttr // if(!empty($res_ttr)),
  • 726: $arr = []
  • 0: $a_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 293: $arr[$napig]['ttr_megjegyzes'] = (string)($a_megjegyzes[$k] : '') // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)), if(!sizeof($arr_hiba)), if(!empty($napig)),
  • 908: foreach($arr as $k=>$row)
  • 1031: print print "<input type=\"text\" name=\"a_tojastomeg_index[$i]\" id=\"a_tojastomeg_index[$i]\"" . (" disabled" : "") . " value=\"" . $row['ttr_tojastomeg_index'] . "\" class=\"bevitel lefut\" size=8 readonly>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
      • 904: if(is_array($arr) && !empty($arr))
      • 982: if(defset ('MOD_TOJAS'FALSE) === TRUE && $sor['tth_tojatas'])
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 900: $i = 0
  • 729: $res_ttr = $pdo->select ("SELECT *         FROM io_testtomegtabla_reszletei         WHERE ttr_tth_az = :ttr_tth_az         ORDER BY ttr_napig"[':ttr_tth_az'=>$aktualis]) // , trace stopped
  • 737: foreach($res_ttr as $row_ttr) // if(!empty($res_ttr)),
  • 738: $arr[$row_ttr'ttr_napig'] = $row_ttr // if(!empty($res_ttr)),
  • 726: $arr = []
  • 0: $a_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 293: $arr[$napig]['ttr_megjegyzes'] = (string)($a_megjegyzes[$k] : '') // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)), if(!sizeof($arr_hiba)), if(!empty($napig)),
  • 908: foreach($arr as $k=>$row)
  • 1035: print print "<input type=\"text\" name=\"a_keltetotojas_szazalek[$i]\"" . (" disabled" : "") . " value=\"" . $row['ttr_keltetotojas_szazalek'] . "\" class=\"bevitel lefut\" size=8>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
      • 904: if(is_array($arr) && !empty($arr))
      • 982: if(defset ('MOD_TOJAS'FALSE) === TRUE && $sor['tth_tojatas'])
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 900: $i = 0
  • 729: $res_ttr = $pdo->select ("SELECT *         FROM io_testtomegtabla_reszletei         WHERE ttr_tth_az = :ttr_tth_az         ORDER BY ttr_napig"[':ttr_tth_az'=>$aktualis]) // , trace stopped
  • 737: foreach($res_ttr as $row_ttr) // if(!empty($res_ttr)),
  • 738: $arr[$row_ttr'ttr_napig'] = $row_ttr // if(!empty($res_ttr)),
  • 726: $arr = []
  • 0: $a_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 293: $arr[$napig]['ttr_megjegyzes'] = (string)($a_megjegyzes[$k] : '') // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)), if(!sizeof($arr_hiba)), if(!empty($napig)),
  • 908: foreach($arr as $k=>$row)
  • 1039: print print "<input type=\"text\" name=\"a_keltetotojas_db[$i]\"" . (" disabled" : "") . " value=\"" . $row['ttr_keltetotojas_db'] . "\" class=\"bevitel lefut\" size=8 readonly>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
      • 904: if(is_array($arr) && !empty($arr))
      • 982: if(defset ('MOD_TOJAS'FALSE) === TRUE && $sor['tth_tojatas'])
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 900: $i = 0
  • 729: $res_ttr = $pdo->select ("SELECT *         FROM io_testtomegtabla_reszletei         WHERE ttr_tth_az = :ttr_tth_az         ORDER BY ttr_napig"[':ttr_tth_az'=>$aktualis]) // , trace stopped
  • 737: foreach($res_ttr as $row_ttr) // if(!empty($res_ttr)),
  • 738: $arr[$row_ttr'ttr_napig'] = $row_ttr // if(!empty($res_ttr)),
  • 726: $arr = []
  • 0: $a_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 293: $arr[$napig]['ttr_megjegyzes'] = (string)($a_megjegyzes[$k] : '') // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)), if(!sizeof($arr_hiba)), if(!empty($napig)),
  • 908: foreach($arr as $k=>$row)
  • 1043: print print "<input type=\"text\" name=\"a_keltethetoseg[$i]\"" . (" disabled" : "") . " value=\"" . $row['ttr_keltethetoseg'] . "\" class=\"bevitel lefut\" size=8>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
      • 904: if(is_array($arr) && !empty($arr))
      • 982: if(defset ('MOD_TOJAS'FALSE) === TRUE && $sor['tth_tojatas'])
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 900: $i = 0
  • 729: $res_ttr = $pdo->select ("SELECT *         FROM io_testtomegtabla_reszletei         WHERE ttr_tth_az = :ttr_tth_az         ORDER BY ttr_napig"[':ttr_tth_az'=>$aktualis]) // , trace stopped
  • 737: foreach($res_ttr as $row_ttr) // if(!empty($res_ttr)),
  • 738: $arr[$row_ttr'ttr_napig'] = $row_ttr // if(!empty($res_ttr)),
  • 726: $arr = []
  • 0: $a_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 293: $arr[$napig]['ttr_megjegyzes'] = (string)($a_megjegyzes[$k] : '') // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)), if(!sizeof($arr_hiba)), if(!empty($napig)),
  • 908: foreach($arr as $k=>$row)
  • 1047: print print "<input type=\"text\" name=\"a_naposcsibe_db[$i]\"" . (" disabled" : "") . " value=\"" . $row['ttr_naposcsibe_db'] . "\" class=\"bevitel lefut\" size=8>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
      • 904: if(is_array($arr) && !empty($arr))
      • 982: if(defset ('MOD_TOJAS'FALSE) === TRUE && $sor['tth_tojatas'])
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 900: $i = 0
  • 729: $res_ttr = $pdo->select ("SELECT *         FROM io_testtomegtabla_reszletei         WHERE ttr_tth_az = :ttr_tth_az         ORDER BY ttr_napig"[':ttr_tth_az'=>$aktualis]) // , trace stopped
  • 737: foreach($res_ttr as $row_ttr) // if(!empty($res_ttr)),
  • 738: $arr[$row_ttr'ttr_napig'] = $row_ttr // if(!empty($res_ttr)),
  • 726: $arr = []
  • 0: $a_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 293: $arr[$napig]['ttr_megjegyzes'] = (string)($a_megjegyzes[$k] : '') // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)), if(!sizeof($arr_hiba)), if(!empty($napig)),
  • 908: foreach($arr as $k=>$row)
  • 1051: print print "<input type=\"text\" name=\"a_naposcsibe_ossz[$i]\" id=\"a_naposcsibe_ossz[$i]\"" . (" disabled" : "") . " value=\"" . $row['ttr_naposcsibe_ossz'] . "\" class=\"bevitel lefut\" size=8 readonly>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
      • 904: if(is_array($arr) && !empty($arr))
      • 982: if(defset ('MOD_TOJAS'FALSE) === TRUE && $sor['tth_tojatas'])
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 900: $i = 0
  • 729: $res_ttr = $pdo->select ("SELECT *         FROM io_testtomegtabla_reszletei         WHERE ttr_tth_az = :ttr_tth_az         ORDER BY ttr_napig"[':ttr_tth_az'=>$aktualis]) // , trace stopped
  • 737: foreach($res_ttr as $row_ttr) // if(!empty($res_ttr)),
  • 738: $arr[$row_ttr'ttr_napig'] = $row_ttr // if(!empty($res_ttr)),
  • 726: $arr = []
  • 0: $a_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 293: $arr[$napig]['ttr_megjegyzes'] = (string)($a_megjegyzes[$k] : '') // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)), if(!sizeof($arr_hiba)), if(!empty($napig)),
  • 908: foreach($arr as $k=>$row)
  • 1055: print print "<input type=\"text\" name=\"a_homerseklet[$i]\" id=\"a_homerseklet[$i]\"" . (" disabled" : "") . " value=\"" . $row['ttr_homerseklet'] . "\" class=\"bevitel\" size=8>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
      • 904: if(is_array($arr) && !empty($arr))
      • 982: if(defset ('MOD_TOJAS'FALSE) === TRUE && $sor['tth_tojatas'])
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 900: $i = 0
  • 729: $res_ttr = $pdo->select ("SELECT *         FROM io_testtomegtabla_reszletei         WHERE ttr_tth_az = :ttr_tth_az         ORDER BY ttr_napig"[':ttr_tth_az'=>$aktualis]) // , trace stopped
  • 737: foreach($res_ttr as $row_ttr) // if(!empty($res_ttr)),
  • 738: $arr[$row_ttr'ttr_napig'] = $row_ttr // if(!empty($res_ttr)),
  • 726: $arr = []
  • 0: $a_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 293: $arr[$napig]['ttr_megjegyzes'] = (string)($a_megjegyzes[$k] : '') // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)), if(!sizeof($arr_hiba)), if(!empty($napig)),
  • 908: foreach($arr as $k=>$row)
  • 1059: print print "<input type=\"text\" name=\"a_paratartalom[$i]\" id=\"a_paratartalom[$i]\"" . (" disabled" : "") . " value=\"" . $row['ttr_paratartalom'] . "\" class=\"bevitel\" size=8>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
      • 904: if(is_array($arr) && !empty($arr))
      • 982: if(defset ('MOD_TOJAS'FALSE) === TRUE && $sor['tth_tojatas'])
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 900: $i = 0
  • 729: $res_ttr = $pdo->select ("SELECT *         FROM io_testtomegtabla_reszletei         WHERE ttr_tth_az = :ttr_tth_az         ORDER BY ttr_napig"[':ttr_tth_az'=>$aktualis]) // , trace stopped
  • 737: foreach($res_ttr as $row_ttr) // if(!empty($res_ttr)),
  • 738: $arr[$row_ttr'ttr_napig'] = $row_ttr // if(!empty($res_ttr)),
  • 726: $arr = []
  • 0: $a_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 293: $arr[$napig]['ttr_megjegyzes'] = (string)($a_megjegyzes[$k] : '') // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)), if(!sizeof($arr_hiba)), if(!empty($napig)),
  • 908: foreach($arr as $k=>$row)
  • 1063: print print "<input type=\"text\" name=\"a_vilagitott_orak[$i]\" id=\"a_vilagitott_orak[$i]\"" . (" disabled" : "") . " value=\"" . $row['ttr_vilagitott_orak'] . "\" class=\"bevitel\" size=8>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
      • 904: if(is_array($arr) && !empty($arr))
      • 982: if(defset ('MOD_TOJAS'FALSE) === TRUE && $sor['tth_tojatas'])
Cross-Site Scripting

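User input reaches a sensitive sink. For more information, press the help icon on the left side. Triage note: unlike the neighbouring findings, the key assigned from $a_megjegyzes at line 293 ('ttr_megjegyzes') is the same key printed at line 1067, so the traced path is direct. The value lands inside a double-quoted HTML attribute, so it should be escaped for that context, for example with htmlspecialchars() and ENT_QUOTES.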
  • 900: $i = 0
  • 729: $res_ttr = $pdo->select ("SELECT *         FROM io_testtomegtabla_reszletei         WHERE ttr_tth_az = :ttr_tth_az         ORDER BY ttr_napig"[':ttr_tth_az'=>$aktualis]) // , trace stopped
  • 737: foreach($res_ttr as $row_ttr) // if(!empty($res_ttr)),
  • 738: $arr[$row_ttr'ttr_napig'] = $row_ttr // if(!empty($res_ttr)),
  • 726: $arr = []
  • 0: $a_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 293: $arr[$napig]['ttr_megjegyzes'] = (string)($a_megjegyzes[$k] : '') // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)), if(!sizeof($arr_hiba)), if(!empty($napig)),
  • 908: foreach($arr as $k=>$row)
  • 1067: print print "<td class=\"tabla_cella\" align=right><input type=\"text\" name=\"a_megjegyzes[$i]\"" . (" disabled" : "") . " value=\"" . $row['ttr_megjegyzes'] . "\" class=\"bevitel\"></td>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
      • 904: if(is_array($arr) && !empty($arr))
Cross-Site Scripting

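User input reaches a sensitive sink. For more information, press the help icon on the left side. Triage note: the source at line 0 assumes request variables are imported into the global scope. The traced code appears to use short array syntax ([]), which needs PHP 5.4 or later, the release that removed register_globals, so this source is reachable only if the application itself imports request variables (for example through an emulation layer). Confirm that before rating this and the following "is not initialized" findings; where it holds, read each field from the request explicitly and escape it when writing the value attribute.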
  • 900: $i = 0
  • 0: $a_napig is not initialized and http://php.net/register_globals is enabled
  • 252: $a_napig = $a_napig : [] // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)), if(!sizeof($arr_hiba)),
  • 1089: $a_napig = $a_napig : []
  • 1108: print print "<input type=\"text\" class=\"bevitel\" name=\"a_napig[$i]\" " . (" value=\"" . $a_napig[$i] . "\"" : "") . " size=8>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 900: $i = 0
  • 0: $a_napi_gyarapodas is not initialized and http://php.net/register_globals is enabled
  • 1090: $a_napi_gyarapodas = $a_napi_gyarapodas : []
  • 1112: print print "<input type=\"text\" class=\"bevitel\" name=\"a_napi_gyarapodas[$i]\" " . (" value=\"" . $a_napi_gyarapodas[$i] . "\"" : "") . " size=8>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 900: $i = 0
  • 0: $a_tap_per_nap is not initialized and http://php.net/register_globals is enabled
  • 1091: $a_tap_per_nap = $a_tap_per_nap : []
  • 1116: print print "<input type=\"text\" class=\"bevitel\" name=\"a_tap_per_nap[$i]\" " . (" value=\"" . $a_tap_per_nap[$i] . "\"" : "") . " size=8>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 900: $i = 0
  • 0: $a_nap_vizfogyasztas is not initialized and http://php.net/register_globals is enabled
  • 1092: $a_nap_vizfogyasztas = $a_nap_vizfogyasztas : []
  • 1120: print print "<input type=\"text\" class=\"bevitel\" name=\"a_napi_vizfogyasztas[$i]\" " . (" value=\"" . $a_nap_vizfogyasztas[$i] . "\"" : "") . " size=8>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 900: $i = 0
  • 0: $a_tap_fazis is not initialized and http://php.net/register_globals is enabled
  • 1093: $a_tap_fazis = $a_tap_fazis : []
  • 1128: print print "<input type=\"text\" class=\"bevitel\" name=\"a_tap_fazis[$i]\" " . (" value=\"" . $a_tap_fazis[$i] . "\"" : "") . " size=8>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 900: $i = 0
  • 0: $a_elhullas_szazalek is not initialized and http://php.net/register_globals is enabled
  • 1099: $a_elhullas_szazalek = $a_elhullas_szazalek : []
  • 1140: print print "<input type=\"text\" name=\"a_elhullas_szazalek[$i]\"" . (" disabled" : "") . " value=\"" . $a_elhullas_szazalek[$i] . "\" class=\"bevitel\" size=8>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 900: $i = 0
  • 0: $a_tojashozam_szazalek is not initialized and http://php.net/register_globals is enabled
  • 1094: $a_tojashozam_szazalek = $a_tojashozam_szazalek : []
  • 1145: print print "<input type=\"text\" name=\"a_tojashozam_szazalek[$i]\"" . (" disabled" : "") . " value=\"" . $a_tojashozam_szazalek[$i] . "\" class=\"bevitel lefut\" size=8>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
      • 1143: if(defset ('MOD_TOJAS'FALSE) === TRUE && $sor['tth_tojatas'])
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 900: $i = 0
  • 0: $a_tojastomeg is not initialized and http://php.net/register_globals is enabled
  • 1096: $a_tojastomeg = $a_tojastomeg : []
  • 1159: print print "<input type=\"text\" name=\"a_tojastomeg[$i]\"" . (" disabled" : "") . " value=\"" . $a_tojastomeg[$i] . "\" class=\"bevitel lefut\" size=8>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
      • 1143: if(defset ('MOD_TOJAS'FALSE) === TRUE && $sor['tth_tojatas'])
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 900: $i = 0
  • 0: $a_keltetotojas_szazalek is not initialized and http://php.net/register_globals is enabled
  • 1095: $a_keltetotojas_szazalek = $a_keltetotojas_szazalek : []
  • 1165: print print "<input type=\"text\" name=\"a_keltetotojas_szazalek[$i]\"" . (" disabled" : "") . " value=\"" . $a_keltetotojas_szazalek[$i] . "\" class=\"bevitel lefut\" size=8>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
      • 1143: if(defset ('MOD_TOJAS'FALSE) === TRUE && $sor['tth_tojatas'])
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 900: $i = 0
  • 0: $a_keltethetoseg is not initialized and http://php.net/register_globals is enabled
  • 1097: $a_keltethetoseg = $a_keltethetoseg : []
  • 1171: print print "<input type=\"text\" name=\"a_keltethetoseg[$i]\"" . (" disabled" : "") . " value=\"" . $a_keltethetoseg[$i] . "\" class=\"bevitel lefut\" size=8>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
      • 1143: if(defset ('MOD_TOJAS'FALSE) === TRUE && $sor['tth_tojatas'])
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 900: $i = 0
  • 0: $a_naposcsibe_db is not initialized and http://php.net/register_globals is enabled
  • 1098: $a_naposcsibe_db = $a_naposcsibe_db : []
  • 1175: print print "<input type=\"text\" name=\"a_naposcsibe_db[$i]\"" . (" disabled" : "") . " value=\"" . $a_naposcsibe_db[$i] . "\" class=\"bevitel lefut\" size=8>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
      • 1143: if(defset ('MOD_TOJAS'FALSE) === TRUE && $sor['tth_tojatas'])
Cross-Site Scripting

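User input reaches a sensitive sink. For more information, press the help icon on the left side. Triage note: the sink at line 1193 prints the result of array_sum_key() over the "vizfogyasztas" key, not the tainted 'ttr_megjegyzes' value itself. The helper is not shown in the trace; if it returns a numeric sum this path is presumably not exploitable, so verify its return type before acting on the finding.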
  • 729: $res_ttr = $pdo->select ("SELECT *         FROM io_testtomegtabla_reszletei         WHERE ttr_tth_az = :ttr_tth_az         ORDER BY ttr_napig"[':ttr_tth_az'=>$aktualis]) // , trace stopped
  • 737: foreach($res_ttr as $row_ttr) // if(!empty($res_ttr)),
  • 738: $arr[$row_ttr'ttr_napig'] = $row_ttr // if(!empty($res_ttr)),
  • 726: $arr = []
  • 0: $a_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 293: $arr[$napig]['ttr_megjegyzes'] = (string)($a_megjegyzes[$k] : '') // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)), if(!sizeof($arr_hiba)), if(!empty($napig)),
  • 908: foreach($arr as $k=>$row) // if(is_array($arr) && !empty($arr)),
  • 992: $arr[$k]['napos_csibe_db'] = $row['ttr_naposcsibe_db'] // if(is_array($arr) && !empty($arr)), if(defset('MOD_TOJAS', FALSE) === TRUE && $sor),
  • 1193: print print "<td class=\"tabla_cella\" style=\"background-color:#eeeeee;\" align=right>" . array_sum_key ($arr"vizfogyasztas") . " l</td>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
Cross-Site Scripting

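User input reaches a sensitive sink. For more information, press the help icon on the left side. Triage note: the printed value is a database column read back through the parameterized query at line 567, so this is a stored-data path, not a direct reflection of $tth_nev. The trace does not show how 'tth_piaciar' is validated when it is written; check that, and escape the value for the attribute context on output. The next two findings (sinks at lines 1275 and 1279) follow the same path.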
  • 0: $tth_nev is not initialized and http://php.net/register_globals is enabled
  • 372: $values = ['tth_nev'=>(string)($tth_nev : '')'tth_profil_az'=>(int)($tth_profil_az : 0)'tth_tipus'=>(int)($tth_tipus : 0)'tth_gen_az'=>(int)($tth_gen_az : 0)'tth_megjegyzes'=>(string)($tth_megjegyzes : '')'tth_letrehozva'=>(string)( // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)) else , if(empty($arr_hiba)),
  • 380: $aktualis = $pdo->insert ('io_testtomegtabla'$values) // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)) else , if(empty($arr_hiba)),
  • 567: $sor = $pdo->selectfirst("SELECT *,           COUNT(DISTINCT r.reg_az) as cnt_reg         FROM io_testtomegtabla         LEFT JOIN (           SELECT *           FROM io_regio           JOIN io_lanc ON reg_lan_az=lan_az           WHERE lan_del = 0 AND reg_del = 0         ) as r ON tth_az IN (r.reg_tth_az, r.reg_tth_az_noivar)         WHERE tth_az = :tth_az AND tth_del = 0"[':tth_az'=>$aktualis])
  • 1250: print print "<input type=\"text\" class=\"bevitel lefut \" id=\"tth_piaciar\"  name=\"tth_piaciar\" size=7 value=\"" . $sor['tth_piaciar'] . "\">"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $tth_nev is not initialized and http://php.net/register_globals is enabled
  • 372: $values = ['tth_nev'=>(string)($tth_nev : '')'tth_profil_az'=>(int)($tth_profil_az : 0)'tth_tipus'=>(int)($tth_tipus : 0)'tth_gen_az'=>(int)($tth_gen_az : 0)'tth_megjegyzes'=>(string)($tth_megjegyzes : '')'tth_letrehozva'=>(string)( // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)) else , if(empty($arr_hiba)),
  • 380: $aktualis = $pdo->insert ('io_testtomegtabla'$values) // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)) else , if(empty($arr_hiba)),
  • 567: $sor = $pdo->selectfirst("SELECT *,           COUNT(DISTINCT r.reg_az) as cnt_reg         FROM io_testtomegtabla         LEFT JOIN (           SELECT *           FROM io_regio           JOIN io_lanc ON reg_lan_az=lan_az           WHERE lan_del = 0 AND reg_del = 0         ) as r ON tth_az IN (r.reg_tth_az, r.reg_tth_az_noivar)         WHERE tth_az = :tth_az AND tth_del = 0"[':tth_az'=>$aktualis])
  • 1275: print print "<input type=\"text\" class=\"bevitel lefut \" id=\"tth_tojas_piaciar\"  name=\"tth_tojas_ar\" size=7 value=\"" . $sor['tth_tojas_ar'] . "\">"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
      • 1273: if(defset ('MOD_TOJAS'FALSE) === TRUE && $sor['tth_tojatas'])
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $tth_nev is not initialized and http://php.net/register_globals is enabled
  • 372: $values = ['tth_nev'=>(string)($tth_nev : '')'tth_profil_az'=>(int)($tth_profil_az : 0)'tth_tipus'=>(int)($tth_tipus : 0)'tth_gen_az'=>(int)($tth_gen_az : 0)'tth_megjegyzes'=>(string)($tth_megjegyzes : '')'tth_letrehozva'=>(string)( // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)) else , if(empty($arr_hiba)),
  • 380: $aktualis = $pdo->insert ('io_testtomegtabla'$values) // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)) else , if(empty($arr_hiba)),
  • 567: $sor = $pdo->selectfirst("SELECT *,           COUNT(DISTINCT r.reg_az) as cnt_reg         FROM io_testtomegtabla         LEFT JOIN (           SELECT *           FROM io_regio           JOIN io_lanc ON reg_lan_az=lan_az           WHERE lan_del = 0 AND reg_del = 0         ) as r ON tth_az IN (r.reg_tth_az, r.reg_tth_az_noivar)         WHERE tth_az = :tth_az AND tth_del = 0"[':tth_az'=>$aktualis])
  • 1279: print print "<input type=\"text\" class=\"bevitel lefut \" id=\"tth_csibe_piaciar\"  name=\"tth_csibe_ar\" size=7 value=\"" . $sor['tth_csibe_ar'] . "\">"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
      • 1273: if(defset ('MOD_TOJAS'FALSE) === TRUE && $sor['tth_tojatas'])
Cross-Site Scripting

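User input reaches a sensitive sink. For more information, press the help icon on the left side. Triage note: $formhiba is printed into the HTML body at line 1298 and is guarded only by isset() at line 1297, with no assignment shown in the trace. Initialising the variable unconditionally before this point and HTML-escaping it on output closes the path regardless of how request variables reach the global scope.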
  • 0: $formhiba is not initialized and http://php.net/register_globals is enabled
  • 1298: print print "<p class=\"hiba\">$formhiba</p>"
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
      • 1297: if(isset($formhiba))
Cross-Site Scripting

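User input reaches a sensitive sink. For more information, press the help icon on the left side. Triage note: the sink at line 1396 echoes 'tth_az' from the row selected by the bound :tth_az parameter at line 567. That column is presumably a numeric identifier, which would make this low risk; confirm the column type, and cast to int on output to make the assumption explicit.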
  • 0: $tth_nev is not initialized and http://php.net/register_globals is enabled
  • 372: $values = ['tth_nev'=>(string)($tth_nev : '')'tth_profil_az'=>(int)($tth_profil_az : 0)'tth_tipus'=>(int)($tth_tipus : 0)'tth_gen_az'=>(int)($tth_gen_az : 0)'tth_megjegyzes'=>(string)($tth_megjegyzes : '')'tth_letrehozva'=>(string)( // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)) else , if(empty($arr_hiba)),
  • 380: $aktualis = $pdo->insert ('io_testtomegtabla'$values) // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)) else , if(empty($arr_hiba)),
  • 567: $sor = $pdo->selectfirst("SELECT *,           COUNT(DISTINCT r.reg_az) as cnt_reg         FROM io_testtomegtabla         LEFT JOIN (           SELECT *           FROM io_regio           JOIN io_lanc ON reg_lan_az=lan_az           WHERE lan_del = 0 AND reg_del = 0         ) as r ON tth_az IN (r.reg_tth_az, r.reg_tth_az_noivar)         WHERE tth_az = :tth_az AND tth_del = 0"[':tth_az'=>$aktualis])
  • 1396: echo echo $sor['tth_az']
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)
SQL Injection

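User input reaches a sensitive sink. For more information, press the help icon on the left side. Triage note: the query built at line 1441 concatenates $sor['tth_profil_az'] and $aktualis into the SQL string, whereas the query at line 567 in the same file passes $aktualis as the bound parameter :tth_az. The trace shows only the branch where $aktualis is the return value of insert(); the other branch of the isset($aktualis) condition is not shown and may take it from the request. Passing both values (and $rdatum) as bound parameters, as line 567 does, removes the dependency on where they come from.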
  • 0: $tth_nev is not initialized and http://php.net/register_globals is enabled
  • 372: $values = ['tth_nev'=>(string)($tth_nev : '')'tth_profil_az'=>(int)($tth_profil_az : 0)'tth_tipus'=>(int)($tth_tipus : 0)'tth_gen_az'=>(int)($tth_gen_az : 0)'tth_megjegyzes'=>(string)($tth_megjegyzes : '')'tth_letrehozva'=>(string)( // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)) else , if(empty($arr_hiba)),
  • 380: $aktualis = $pdo->insert ('io_testtomegtabla'$values) // if(isset($mentes) || (isset($ttt_copy) && !empty($aktualis))), if(isset($aktualis)) else , if(empty($arr_hiba)),
  • 567: $sor = $pdo->selectfirst("SELECT *,           COUNT(DISTINCT r.reg_az) as cnt_reg         FROM io_testtomegtabla         LEFT JOIN (           SELECT *           FROM io_regio           JOIN io_lanc ON reg_lan_az=lan_az           WHERE lan_del = 0 AND reg_del = 0         ) as r ON tth_az IN (r.reg_tth_az, r.reg_tth_az_noivar)         WHERE tth_az = :tth_az AND tth_del = 0"[':tth_az'=>$aktualis])
  • 1436: $rdatum = strtotime("-24 months"time())
  • 1437: $rdatum = date("Y-m-d"$rdatum)
  • 1441: $sql = "     (SELECT *, IF(reg_rot_datum_befejezes<>'0000-00-00', DATE_FORMAT(reg_rot_datum_befejezes,'%Y-%m-%d'), DATE_FORMAT(NOW(),'%Y-%m-%d')) as x_datum, MIN(ren_szallitas) as x_mindatum, COUNT(ren_az) as x_cnt_ren_az     FROM `io_rendeles_reszletei`     JOIN `io_rendeles` ON ren_az=rnd_ren_az     JOIN `io_bolt` ON bol_az=ren_bol_az AND bol_del=0     JOIN `io_vevo` ON vev_az=bol_vev_az AND vev_del=0     JOIN `io_regio` ON reg_az=vev_reg_az AND reg_del=0     JOIN `io_lanc` ON lan_az=reg_lan_az AND lan_del=0 AND lan_telep=1     JOIN `io_termekkategoria` ON ren_telep_tka_az=tka_az     WHERE ren_telep_tka_az>0 AND ren_del=0 AND rnd_onkoltseg>0 AND rnd_tomeg>0 AND (reg_rot_datum_befejezes = '0000-00-00') AND       lan_profil_az IN ('" . $sor['tth_profil_az'] . "') AND  '" . $aktualis . "' IN (reg_tth_az, reg_tth_az_noivar)      GROUP BY bol_az     ORDER BY reg_rot_datum_indulas ASC, lan_nev, reg_nev, bol_nev, ren_az     LIMIT 100)     UNION     (SELECT *, IF(reg_rot_datum_befejezes<>'0000-00-00', DATE_FORMAT(reg_rot_datum_befejezes,'%Y-%m-%d'), DATE_FORMAT(NOW(),'%Y-%m-%d')) as x_datum, MIN(ren_szallitas) as x_mindatum, COUNT(ren_az) as x_cnt_ren_az     FROM `io_rendeles_reszletei`     JOIN `io_rendeles` ON ren_az=rnd_ren_az     JOIN `io_bolt` ON bol_az=ren_bol_az AND bol_del=0     JOIN `io_vevo` ON vev_az=bol_vev_az AND vev_del=0     JOIN `io_regio` ON reg_az=vev_reg_az AND reg_del=0     JOIN `io_lanc` ON lan_az=reg_lan_az AND lan_del=0 AND lan_telep=1     JOIN `io_termekkategoria` ON ren_telep_tka_az=tka_az     WHERE ren_telep_tka_az>0 AND ren_del=0 AND rnd_onkoltseg>0 AND rnd_tomeg>0 AND (reg_rot_datum_befejezes > '" . $rdatum . "') AND       lan_profil_az IN ('" . $sor['tth_profil_az'] . "') AND '" . $aktualis . "' IN (reg_tth_az, reg_tth_az_noivar)     GROUP BY bol_az     ORDER BY x_mindatum DESC, lan_nev, reg_nev, bol_nev, ren_az     LIMIT 5)"
  • 1471: select $res = $pdo->select ($sql)
    • requires:
      • 553: if($funkcio == "modosit")
      • 561: if(1 == 1)

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/torony.php

SQL Injection

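User input reaches a sensitive sink. For more information, press the help icon on the left side. Triage note: $_cond_telepek is interpolated at line 56 as a raw fragment of the WHERE clause, not as a quoted value, so quoting or binding cannot fix it. Line 53 appears to keep whatever value the variable already holds; it should instead be initialised unconditionally and built only from server-side values. The following finding (line 67) uses the same variable.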
  • 0: $_cond_telepek is not initialized and http://php.net/register_globals is enabled
  • 53: $_cond_telepek = $_cond_telepek : ""
  • 56: select $res = $pdo->select ("SELECT *    FROM io_lanc    WHERE lan_del = 0 AND lan_telep = 1 $_cond_telepek    ORDER BY lan_nev")
SQL Injection

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $_cond_telepek is not initialized and http://php.net/register_globals is enabled
  • 53: $_cond_telepek = $_cond_telepek : ""
  • 67: select $res = $pdo->select ("SELECT *    FROM io_istallo    JOIN io_lanc ON ist_lan_az = lan_az    WHERE ist_del = 0 $_cond_telepek    ORDER BY lan_nev, ist_nev")
SQL Injection

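User input reaches a sensitive sink. For more information, press the help icon on the left side. Triage note: $filter_lan_az (read back from the session at line 83) and $filter_ist_telep_az are concatenated inside quotes into $cond at lines 207 and 211 and then into the query at line 215. A value stored in the session is not thereby trusted if it was originally taken from the request; add each condition with a named placeholder and pass the values as bound parameters.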
  • 205: $cond = ""
  • 79: $_SESSION['stor_filter_lan_az'] = 0 // if(!isset($_SESSION)),
  • 83: $filter_lan_az = $_SESSION['stor_filter_lan_az'] // if(!isset($_REQUEST)),
  • 207: $cond .= " AND lan_az='" . $filter_lan_az . "' " // if(!empty($filter_lan_az)),
  • 0: $filter_ist_telep_az is not initialized and http://php.net/register_globals is enabled
  • 211: $cond .= " AND tor_ist_telep_az='" . $filter_ist_telep_az . "' " // if(!empty($filter_ist_telep_az)),
  • 215: $sql = "SELECT * FROM io_torony      LEFT JOIN io_istallo ON tor_ist_telep_az=ist_telep_azonosito      LEFT JOIN io_lanc ON ist_lan_az = lan_az      WHERE tor_del = 0 $cond "
  • 219: select $eredmeny = $pdo->select ($sql)
    • requires:
      • 204: if($funkcio == "")
Cross-Site Scripting

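User input reaches a sensitive sink. For more information, press the help icon on the left side. Triage note: at line 385 both $prg and $alp (only $prg is traced) are placed in a URL inside a JavaScript string inside an onClick attribute. HTML-escaping alone does not cover that nesting; the values need URL-encoding and then attribute escaping, and validating them against the known module names is the more robust control. The findings at lines 391 and 450 have the same structure.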
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 385: print print "<tr><td colspan=4 align=\"right\" class=\"tabla_cella\">   <input type=\"submit\" class=\"gomb btn_save_2_img\" name=\"mentes\" value=\"" . __MENTES . "\" title=\"" . __MENTES . "\">   <input type=\"button\" class=\"gomb btn_back_2_img\" value=\"" . __MEGSE . "\" title=\"" . __MEGSE . "\"   onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></td></tr>"
    • requires:
      • 322: if($funkcio == "modosit" && !empty($aktualis))
      • 384: if($jog == 2)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 391: print print "<tr><td colspan=4 align=\"right\" class=\"tabla_cella\">   <input type=\"button\" class=\"gomb btn_back_2_img\" value=\"" . __VISSZA . "\" title=\"" . __VISSZA . "\"   onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></td></tr>"
    • requires:
      • 322: if($funkcio == "modosit" && !empty($aktualis))
      • 390: if($jog == 2) else 
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $tor_nev is not initialized and http://php.net/register_globals is enabled
  • 175: $last = $pdo->insert ('io_torony'['tor_nev'=>$tor_nev : '''tor_ist_telep_az'=>$tor_ist_telep_az : '''tor_megjegyzes'=>$tor_megjegyzes : '']) // if(isset($mentes)), if(!empty($aktualis)) else , if(empty($arr_hiba)),
  • 184: $aktualis = $last // if(isset($mentes)), if(!empty($aktualis)) else , if(empty($arr_hiba)),
  • 398: print print "<input type=\"hidden\" name=\"aktualis\" value=\"$aktualis\">"
    • requires:
      • 322: if($funkcio == "modosit" && !empty($aktualis))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $tor_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 436: print print $tor_megjegyzes
    • requires:
      • 404: if($funkcio == "felvitel")
      • 435: if(isset($tor_megjegyzes))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 450: print print "<tr><td colspan=4 align=\"right\" class=\"tabla_cella\">   <input type=\"submit\" class=\"gomb btn_save_2_img\" name=\"mentes\" value=\"" . __MENTES . "\" title=\"" . __MENTES . "\">   <input type=\"button\" class=\"gomb btn_back_2_img\" value=\"" . __MEGSE . "\" title=\"" . __MEGSE . "\"   onClick=\"location.href='index.php?prg=" . $prg . "&alp=" . $alp . "'\"></td></tr>"
    • requires:
      • 404: if($funkcio == "felvitel")

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/raktar.php

Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 426: echo echo $prg
    • requires:
      • 343: if($funkcio == "modosit" && !empty($aktualis))
      • 422: if($jog == 2)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $alp is not initialized and http://php.net/register_globals is enabled
  • 426: echo echo $alp
    • requires:
      • 343: if($funkcio == "modosit" && !empty($aktualis))
      • 422: if($jog == 2)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 432: echo echo $prg
    • requires:
      • 343: if($funkcio == "modosit" && !empty($aktualis))
      • 429: if($jog == 2) else 
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $alp is not initialized and http://php.net/register_globals is enabled
  • 432: echo echo $alp
    • requires:
      • 343: if($funkcio == "modosit" && !empty($aktualis))
      • 429: if($jog == 2) else 
Cross-Site Scripting

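User input reaches a sensitive sink. For more information, press the help icon on the left side. Triage note: line 459 writes $bol_nev between double quotes as an attribute value, guarded only by isset() at line 458. The value should be escaped for the attribute context, for example with htmlspecialchars() and ENT_QUOTES; the 'bol_konyveles_kod' finding at line 468 has the same form.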
  • 0: $bol_nev is not initialized and http://php.net/register_globals is enabled
  • 459: echo echo 'value="' . $bol_nev . '"'
    • requires:
      • 449: if($funkcio == "felvitel")
      • 458: if(isset($bol_nev))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $bol_konyveles_kod is not initialized and http://php.net/register_globals is enabled
  • 468: echo echo 'value="' . $bol_konyveles_kod . '"'
    • requires:
      • 449: if($funkcio == "felvitel")
      • 462: if(get_sys_var ('konyveles_alapja'""TRUE) == '__TELEP')
      • 467: if(isset($bol_konyveles_kod))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $bol_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 476: echo echo $bol_megjegyzes
    • requires:
      • 449: if($funkcio == "felvitel")
      • 475: if(isset($bol_megjegyzes))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 490: echo echo $prg
    • requires:
      • 449: if($funkcio == "felvitel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $alp is not initialized and http://php.net/register_globals is enabled
  • 490: echo echo $alp
    • requires:
      • 449: if($funkcio == "felvitel")

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/logins.php

SQL Injection

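Userinput reaches sensitive sink. For more information, press the help icon on the left side. Triage note: the trace names $kazon as the source, but it also shows $felhasznalo and $comment receiving their defaults only when they are not already set, and the query at line 39 interpolates both inside quoted LOCATE() arguments. If request data can populate these names, they need bound parameters just as $kazon does; the date and time values pass through date() before they reach the query.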
  • 0: $kazon is not initialized and http://php.net/register_globals is enabled
  • 16: $felhasznalo = "" // if(!isset($felhasznalo)),
  • 20: $comment = "" // if(!isset($comment)),
  • 24: $datum_min = date("Y.m.d"strtotime('- 1 month'time())) // if(!isset($datum_min)),
  • 28: $ido_min = "00:00" // if(!isset($ido_min)),
  • 32: $datum_max = date("Y.m.d"strtotime('+ 1 day'time())) // if(!isset($datum_max)),
  • 36: $ido_max = "23:59" // if(!isset($ido_max)),
  • 39: select $eredmeny = $pdo->select ("SELECT lin_az    FROM io_logins    LEFT JOIN io_felhasznalo ON fel_az = lin_fel_az AND (lin_fel_az != 1 OR $kazon = 1)    WHERE LOCATE('$felhasznalo', fel_nev) > 0      AND LOCATE('$comment', lin_comment) > 0      AND lin_dt >= '" . date("Y-m-d H:i:s"(unix_datumbol ($datum_min) + substr($ido_min02) * 3600 + substr($ido_min32) * 60)) . "'     AND lin_dt <= '" . 
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $alp is not initialized and http://php.net/register_globals is enabled
  • 87: print print "<button type=\"button\" value=\"" . __SZURESTORLESE . "\" title=\"" . __SZURESTORLESE . "\" class=\"btn_reset_2_img\" onClick=\"location.href='index.php?prg=admin&alp=" . $alp . "'\"></button>"
SQL Injection

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $kazon is not initialized and http://php.net/register_globals is enabled
  • 16: $felhasznalo = "" // if(!isset($felhasznalo)),
  • 20: $comment = "" // if(!isset($comment)),
  • 24: $datum_min = date("Y.m.d"strtotime('- 1 month'time())) // if(!isset($datum_min)),
  • 28: $ido_min = "00:00" // if(!isset($ido_min)),
  • 32: $datum_max = date("Y.m.d"strtotime('+ 1 day'time())) // if(!isset($datum_max)),
  • 36: $ido_max = "23:59" // if(!isset($ido_max)),
  • 12: $kezd = 0 // if(!isset($kezd) or $kezd < 0),
  • 8: $eo = 20 // if(!isset($eo)),
  • 48: $kezd -= $eo
  • 95: select $eredmeny = $pdo->select ("SELECT * FROM io_logins    LEFT JOIN io_felhasznalo ON fel_az = lin_fel_az AND (fel_az != 1 OR $kazon = 1)    WHERE LOCATE('$felhasznalo', fel_nev) > 0      AND LOCATE('$comment', lin_comment) > 0      AND lin_dt >= '" . date("Y-m-d H:i:s"(unix_datumbol ($datum_min) + substr($ido_min02) * 3600 + substr($ido_min32) * 60)) . "'      AND lin_dt <= '" . 

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/gyarto_profil.php

Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 43: $entity_id = !$_REQUEST['entity_id'] : NULL // if($action == 'delete'),
  • 47: $entity = Animal::getentity ('gyarto_profil'$entity_id) // if($action == 'delete'), if($entity_id),
  • 53: $action = 'list' // if($action == 'delete'),
  • 31: $action = 'edit' // if($action == 'new' || $action == 'edit'), if(isset($_REQUEST)), if($valid === TRUE),
  • 12: $_REQUEST['action'] = 'list' // if(!isset($_REQUEST)),
  • 16: $action = !$_REQUEST['action'] : 'list'
  • 60: print print geteditform ($entity$action)
    • requires:
      • 56: switch($action)
      • 58:  case 'edit' : 

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/arlista.php

Code Execution

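Userinput is used as dynamic function name. Arbitrary functions may be called. Triage note: the trace below shows $lowercase being assigned a closure at line 344, and $str is that closure's parameter rather than a global, so this finding and the identical ones that follow for arkalkulator.php look like false positives. What remains to confirm in the source is that $lowercase is assigned on every path that reaches the call, since line 344 is reported inside an else branch.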
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.php else ,
  • 465: $lowercase $lowercase($const['__EV'])} // arkalkulator.php
    • requires:
      • 40: if($funkcio == 'list')
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.php else ,
  • 475: $lowercase $lowercase($const['__SHORT_MONTH'])} // arkalkulator.php
    • requires:
      • 40: if($funkcio == 'list')
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.php else ,
  • 560: $lowercase $lowercase($const['__DARAB'])} // arkalkulator.php
    • requires:
      • 40: if($funkcio == 'list')
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.php else ,
  • 571: $lowercase $lowercase($const['__DARAB'])} // arkalkulator.php
    • requires:
      • 40: if($funkcio == 'list')
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.php else ,
  • 582: $lowercase $lowercase($const['__DARAB'])} // arkalkulator.php
    • requires:
      • 40: if($funkcio == 'list')
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.php else ,
  • 590: $lowercase $lowercase($const['__DARAB'])} // arkalkulator.php
    • requires:
      • 40: if($funkcio == 'list')
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.php else ,
  • 601: $lowercase $lowercase($const['__DB'])} // arkalkulator.php
    • requires:
      • 40: if($funkcio == 'list')
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.php else ,
  • 601: $lowercase $lowercase($const['__TYUK'])} // arkalkulator.php
    • requires:
      • 40: if($funkcio == 'list')
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.php else ,
  • 634: $lowercase $lowercase($const['__DARAB'])} // arkalkulator.php
    • requires:
      • 40: if($funkcio == 'list')
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.php else ,
  • 645: $lowercase $lowercase($const['__DARAB'])} // arkalkulator.php
    • requires:
      • 40: if($funkcio == 'list')
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.php else ,
  • 656: $lowercase $lowercase($const['__DARAB'])} // arkalkulator.php
    • requires:
      • 40: if($funkcio == 'list')
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.php else ,
  • 664: $lowercase $lowercase($const['__DARAB'])} // arkalkulator.php
    • requires:
      • 40: if($funkcio == 'list')
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.php else ,
  • 675: $lowercase $lowercase($const['__DB'])} // arkalkulator.php
    • requires:
      • 40: if($funkcio == 'list')
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.php else ,
  • 675: $lowercase $lowercase($const['__TYUK'])} // arkalkulator.php
    • requires:
      • 40: if($funkcio == 'list')
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.php else ,
  • 700: $lowercase $lowercase($const['__MODUL'])} // arkalkulator.php
    • requires:
      • 40: if($funkcio == 'list')
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.php else ,
  • 700: $lowercase $lowercase($const['__DB'])} // arkalkulator.php
    • requires:
      • 40: if($funkcio == 'list')
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.php else ,
  • 888: $lowercase $lowercase($const['__EV'])} // arkalkulator.php
    • requires:
      • 40: if($funkcio == 'list')
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.php else ,
  • 1083: $lowercase $lowercase($const['__MODUL'])} // arkalkulator.php
    • requires:
      • 40: if($funkcio == 'list')
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.php else ,
  • 1086: $lowercase $lowercase($const['__EV'])} // arkalkulator.php
    • requires:
      • 40: if($funkcio == 'list')
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.php else ,
  • 1415: $lowercase $lowercase($const['__EV'])} // arkalkulator.php
    • requires:
      • 40: if($funkcio == 'list')
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.php else ,
  • 1419: $lowercase $lowercase($const['__TELEP'])} // arkalkulator.php
    • requires:
      • 40: if($funkcio == 'list')
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.php else ,
  • 1431: $lowercase $lowercase($const['__FELHASZNALO'])} // arkalkulator.php
    • requires:
      • 40: if($funkcio == 'list')
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.php else ,
  • 1443: $lowercase $lowercase($const['__EV'])} // arkalkulator.php
    • requires:
      • 40: if($funkcio == 'list')
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.php else ,
  • 1471: $lowercase $lowercase($const['__OSSZESEN'])} // arkalkulator.php
    • requires:
      • 40: if($funkcio == 'list')
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 266: $css = <<<HTML <style type="text/css">     .cella_profil {         background: #efefef;     }      tr.hidden {         display: none;     }      .active-profil-cella {         background: #fff;     }      .arlista_hidden {         display: none;     }      .active-profil-cella.profile-radio label {         font-weight: bold;     }      .profil-tabla td {         font-size: 12px;     }      #kalkulacio td {         font-size: 12px;     }      #kalkulacio tr.red td {         color: red;     }      #kalkulacio .ertek {         padding-right: 5px;         text-align: right !important;     }      #kalkulacio .ertek.bold {         font-weight: bold;     }      #kalkulacio .ertek::after {         content: ' \\20AC';     }      .summatext b {         padding-left: 5px;     }      tr.section_darabszam input[type="text"]{         font-size: 14px !important;     }      @media print {         .ark-no-print {             display: none !important;         }          input,         input:disabled {             border: 0 !important;             background-color: #fff !important;         }         textarea {             border: 0 !important;         }         td {             padding-top: 0 !important;             padding-bottom: 0 !important;         }         .tabla_lablec {             height: auto !important;         }     } </style> HTML // arkalkulator.php else ,
  • 0: $ark_az is not initialized and http://php.net/register_globals is enabled
  • 7: $aktualis = $ark_az // if(isset($ark_az)),
  • 351: $sor = Animal::getentity ('arkalkulacio'$aktualis)->getvalues () // arkalkulator.php
  • 353: $arlistaHideClass = isset($sor) && 'arlista_hidden' : 'ark-no-print' // arkalkulator.php
  • 373: $cim = __ARAJANLAT : __ARLISTA // arkalkulator.php
  • 371: $nevHidden = '' : 'hidden' // arkalkulator.php
  • 6: $const = get_defined_constants() // arkalkulator.php else ,
  • 364: $nevInput = $form->text('ark_nev'$sor['ark_nev']NULL['id'=>'ark_nev''class'=>'bevitel''size'=>10'style'=>'width: 300px;']) // arkalkulator.php
  • 358: $countrySelect = $form->select ('ark_cou_id'$countries$sor['ark_cou_id']['class'=>'legordulo''disabled'=>!empty($sor['ark_parent_az'])'style'=>'width: 300px;']) // arkalkulator.php, trace stopped
  • 349: $editDisabled = 'disabled' : '' // arkalkulator.php
  • 13: $profileNames = ['tenyesztes'=>__TENYESZTES'tenyesztes_hizlalas'=>__TENYESZTES . ' + ' . __HIZLALAS'hizlalas'=>__HIZLALAS'hizlalas_broyler'=>__HIZLALAS . ' ' . __BROILER'tojas_eloallitas'=>__TOJAS_ELOALLITAS]
  • 379: $arlista = <<<HTML <div id="div_content">  <form method="post" id="save_helper_form">     <input type="hidden" value="{$sor['ark_az']}" name="aktualis">     <input type="hidden" value="modosit" name="funkcio"> </form>  <table border="0" cellpadding="0" cellspacing="0" class="tabla profil-tabla {$arlistaHideClass}" style="margin-bottom: 20px;">     <tr>         <td colspan="8" class="tabla_fejlec box_cim">{$cim}</td>     </tr>     <tr class="{$nevHidden}">         <td class="tabla_cella"><b>{$const['__NEV']}:</b></td>         <td class="tabla_cella" colspan="6">{$nevInput}</td>     </tr>     <tr>         <td class="tabla_cella"><b>{$const['__ORSZAG']}:</b></td>         <td class="tabla_cella" colspan="6">{$countrySelect}</td>     </tr>     <tr>         <td class="tabla_cella cella_profil" colspan="7">&nbsp;</td>     </tr>     <tr>         <td class="tabla_cella tabla_fejlec" colspan="2"><b>{$const['__PROFIL']}:</b></td>         <td class="tabla_cella tabla_fejlec cella_profil  cella_profil_1 profile-radio" style="text-align: center;width: 15%;">             <input type="radio" name="ark_profil" id="ark_profil_1" {$editDisabled} class="bevitel" value="1">             <label for="ark_profil_1" style="position: relative;top: -4px;">{$profileNames['tenyesztes']}</label>         </td>         <td class="tabla_cella tabla_fejlec cella_profil  cella_profil_2 profile-radio" style="text-align: center;">             <input type="radio" name="ark_profil" id="ark_profil_2" {$editDisabled} class="bevitel" value="2">             <label for="ark_profil_2" style="position: relative;top: -4px;"> // arkalkulator.php
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.php else ,
  • 1072: $kalkulacio = <<<HTML     <table border="0" cellpadding="0" cellspacing="0" class="tabla" id="kalkulacio">         <tr>             <td colspan="6" class="tabla_fejlec box_cim">{$const['__ARAJANLAT']}</td>         </tr>         <tr>             <td class="tabla_cella" style="font-size: 14px; width: 20%;">&nbsp;</td>             <td class="tabla_cella" style="text-align: right; width: 10%;"><b>{$const['__EGYSEGAR']}</b></td>             <td class="tabla_cella" style="text-align: right; width: 10%"><b>{$const['__VARHATO_EVES_DIJ']}</b></td>             <td class="tabla_cella"></td>             <td class="tabla_cella" style="width: 18%; text-align: center;"><b>{$const['__KEDVEZMENY']} %</b></td>             <td class="tabla_cella" style="width: 18%; text-align: right;"><b>{$const['__EVES_DIJ']} / {$lowercase($const['__MODUL'])}</b></td>         </tr>         <tr id="k_0">             <td class="tabla_cella"><b>{$const['__HOZZAFERES']} / {$lowercase($const['__EV'])}:</b></td>             <td class="tabla_cella ertek fixed" style="width: 18%;" id="k_0_1"></td>             <td class="tabla_cella ertek" style="text-align: right; width: 18%;" id="k_0_2"></td>             <td class="tabla_cella"></td>             <td class="tabla_cella" style="text-align: center;">                 <input id="k_0_4" style="text-align: center; width: 96%;" type="text"  {$editDisabled} class="bevitel percent" size=10>             </td>             <td class="tabla_cella ertek" id="k_0_5"></td>         </tr>         <tr>             <td class="tabla_lablec" >&nbsp;</td>             <td class="tabla_lablec" ></td>             <td class="tabla_lablec" ></td>             <td class="tabla_lablec" ></td>             <td class="tabla_lablec" ></td>             <td class="tabla_lablec"></td>         </tr>          <tr>             <td colspan="6" class="tabla_fejlec box_cim">{$const['__PROFIL']}</td>         </tr>                 <tr id="k_1">             <td 
class="tabla_cella"><b>{$profileNames['tenyesztes'] // arkalkulator.php
    • requires:
      • 40: if($funkcio == 'list')

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/telep_group.php

SQL Injection

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
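  • 0: $cond is not initialized and http://php.net/register_globals is enabled (triage note: register_globals was removed in PHP 5.4, and the short array syntax in the statement below requires PHP 5.4 or later, so this source is reachable only if the application itself imports request variables into global scope; confirm that in the bootstrap code. Either way, $cond should be initialised before it is appended to the query, which already uses a bound parameter for :l2l_lag_az.)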
  • 294: select $res = $pdo->select ("SELECT *,        COUNT(DISTINCT l2l_lag_az) as is_checked    FROM io_lanc   LEFT JOIN io_lan2lag ON lan_az = l2l_lan_az     AND l2l_lag_az = :l2l_lag_az   LEFT JOIN io_lanc_profilok ON lan_profil_az = lpr_az    WHERE (lan_telep = 1 OR ( lan_is_kereskedelem = 1 AND lan_telepi_uf = 0) )        AND lan_del = 0       " . $cond . "    GROUP BY lan_az    ORDER BY is_checked DESC, lan_nev"[':l2l_lag_az'=>$aktualis])
    • requires:
      • 243: if($funkcio == "modosit" && !empty($aktualis))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 357: print print "<tr><td colspan=4 align=\"right\" class=\"tabla_cella\">   <button type=\"submit\" class=\"btn_save_2_img\" name=\"mentes\" title=\"" . __MENTES . "\"></button>&nbsp;&nbsp;" . "<button type=\"button\" class=\"btn_back_2_img\" title=\"" . __MEGSE . "\" onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></button></td></tr>"
    • requires:
      • 243: if($funkcio == "modosit" && !empty($aktualis))
      • 356: if($jog == 2)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 362: print print "<tr><td colspan=4 align=\"right\" class=\"tabla_cella\">   <button type=\"button\" class=\"btn_back_2_img\" title=\"" . __VISSZA . "\" onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></button></td></tr>"
    • requires:
      • 243: if($funkcio == "modosit" && !empty($aktualis))
      • 361: if($jog == 2) else 
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $lag_nev is not initialized and http://php.net/register_globals is enabled
  • 384: print print " value=\"$lag_nev\""
    • requires:
      • 376: if($funkcio == "felvitel")
      • 383: if(isset($lag_nev))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $lag_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 392: print print $lag_megjegyzes
    • requires:
      • 376: if($funkcio == "felvitel")
      • 391: if(isset($lag_megjegyzes))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 399: print print "<tr><td colspan=4 align=\"right\" class=\"tabla_cella\">   <button type=\"submit\" class=\"btn_save_2_img\" name=\"mentes\" value=\"" . __MENTES . "\" title=\"" . __MENTES . "\"></button>&nbsp;&nbsp;" . "<button type=\"button\" class=\"btn_back_2_img\" title=\"" . __MEGSE . "\"   onClick=\"location.href='index.php?prg=" . $prg . "&alp=" . $alp . "'\"></button></td></tr>"
    • requires:
      • 376: if($funkcio == "felvitel")

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/arucsoportok.php

Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 51: $entity_id = !$_REQUEST['entity_id'] : NULL // if($action == 'delete'),
  • 55: $entity = Animal::getentity ('arucsoport'$entity_id) // if($action == 'delete'), if($entity_id),
  • 61: $action = 'list' // if($action == 'delete'),
  • 37: $action = 'edit' // if($action == 'new' || $action == 'edit'), if(isset($_REQUEST) && empty($arr_hiba)), if($valid === TRUE),
  • 12: $_REQUEST['action'] = 'list' // if(!isset($_REQUEST)),
  • 16: $action = !$_REQUEST['action'] : 'list'
  • 68: print print geteditform ($entity$action)
    • requires:
      • 64: switch($action)
      • 66:  case 'edit' : 

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/hypor_import.php

SQL Injection

Call triggers vulnerability in function hypor_get_import_download_submit()
  • 29:  hypor_get_import_download_submit ()
    • requires:
      • 28: if(isset($_POST['download']))

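Userinput reaches sensitive sink when function hypor_get_import_download_submit() is called. Triage note: the IN (...) list is built by joining the elements of $_POST['package'] into the SQL text without quoting or casting, so each element should be cast to an integer or bound as its own placeholder; line 1007 of hypor_functions.php, reported in the next finding, builds the same query from $options['package'].
  • 942: select $rows = $pdo->select ('SELECT *     FROM io_hypor_package     WHERE id IN(' . implode(', ', $_POST['package']) . ')') // hypor_functions.php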
    • requires:
      • 932:  function hypor_get_import_download_submit()
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/includes/hypor_functions.php
SQL Injection

Userinput is passed through function parameters.
  • 33:  hypor_get_import_send_submit (['package'=>$_POST['package']'email'=>$_POST['email']'cron'=>FALSE])
    • requires:
      • 32: if(isset($_POST['send']))

Userinput is passed through function parameters.
  • 1149:  function hypor_batch_finished_callback($success$results$operations)
  • 1157:  hypor_get_import_send_submit (['package'=>$results['package_id']'email'=>$emails'cron'=>TRUE]) // hypor_functions.php
    • requires:
      • 1152: if($success)
      • 1153: if(!empty($results['cron']))

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 986:  function hypor_get_import_send_submit($options = [])
  • 1007: select $rows = $pdo->select ('SELECT *     FROM io_hypor_package     WHERE id IN(' . implode(', '$options['package']) . ')') // hypor_functions.php
  • Vulnerability is also triggered in:
    • /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/includes/hypor_functions.php

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/danavl_hozzaferes.php

Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 65: $entity_id = !$_REQUEST['entity_id'] : NULL // if($action == 'delete_back'),
  • 69: $entity = Animal::getentity ('danavl_hozzaferes'$entity_id) // if($action == 'delete_back'), if($entity_id),
  • 76: $action = 'list' // if($action == 'delete_back'),
  • 60: $action = 'list' // if($action == 'delete'),
  • 38: $action = 'edit' // if($action == 'new' || $action == 'edit'), if(isset($_REQUEST)), if($valid === TRUE),
  • 15: $_REQUEST['action'] = 'list' // if(!isset($_REQUEST)),
  • 19: $action = !$_REQUEST['action'] : 'list'
  • 83: print print geteditform ($entity$action)
    • requires:
      • 79: switch($action)
      • 81:  case 'edit' : 

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/telep.php

File Manipulation

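Userinput reaches sensitive sink. For more information, press the help icon on the left side. (Blind exploitation) Triage note: the path passed to unlink() at line 331 comes entirely from $_REQUEST['dok_file_del'], and base64_decode() is an encoding step, not a validation; the only check on the path among the listed conditions is is_file() at line 330. The fix is to take the file name from a server-side record, or to resolve the decoded path and confirm it lies inside the document directory before deleting.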
  • 331: unlink unlink(base64_decode($_REQUEST['dok_file_del'][$dok_sorszam]))
    • requires:
      • 79: if($jog == 2 && isset($mentes))
      • 82: if(!empty($aktualis))
      • 311: if($_dok_az)
      • 312: if(($row = (!reset($res) : FALSE)))
      • 313: if(strlen($nev))
      • 330: if($_REQUEST['dok_file_del'][$dok_sorszam] && is_file(base64_decode($_REQUEST['dok_file_del'][$dok_sorszam])))
File Manipulation

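Userinput reaches sensitive sink. For more information, press the help icon on the left side. (Blind exploitation) Triage note: the stored name is derived from the client-supplied $_FILES['dok_file']['name'] through get_filename(), whose body is not shown in this report; confirm that it removes directory components and restricts the extension, and that files under MI_DOKKEZELO_PATH are not served as executable content. The same applies to the finding for lines 383–384 below.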
  • 337: $fajlnev = get_filename ($_FILES['dok_file']['name'][$dok_sorszam]MI_DOKKEZELO_PATH)
  • 338: move_uploaded_file move_uploaded_file($_FILES['dok_file']['tmp_name'][$dok_sorszam]MI_DOKKEZELO_PATH . '/' . $fajlnev)
    • requires:
      • 79: if($jog == 2 && isset($mentes))
      • 82: if(!empty($aktualis))
      • 311: if($_dok_az)
      • 312: if(($row = (!reset($res) : FALSE)))
      • 313: if(strlen($nev))
      • 336: if(isset($_FILES['dok_file']['tmp_name'][$dok_sorszam]) && is_uploaded_file($_FILES['dok_file']['tmp_name'][$dok_sorszam]))
File Manipulation

Userinput reaches sensitive sink. For more information, press the help icon on the left side. (Blind exploitation)
  • 383: $fajlnev = get_filename ($_FILES['dok_file']['name'][$dok_sorszam]MI_DOKKEZELO_PATH)
  • 384: move_uploaded_file move_uploaded_file($_FILES['dok_file']['tmp_name'][$dok_sorszam]MI_DOKKEZELO_PATH . '/' . $fajlnev)
    • requires:
      • 79: if($jog == 2 && isset($mentes))
      • 82: if(!empty($aktualis))
      • 372: if($_dok_az) else 
      • 374: if(strlen($nev))
      • 382: if(isset($_FILES['dok_file']['tmp_name'][$dok_sorszam]) && is_uploaded_file($_FILES['dok_file']['tmp_name'][$dok_sorszam]))
SQL Injection

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 537: $_lan_az = $_REQUEST['aktualis']
  • 539: select $res_bb = $pdo->select ("SELECT rnd_az         FROM io_rendeles_reszletei        JOIN io_rendeles ON rnd_ren_az = ren_az AND ren_del = 0        JOIN io_termek ON rnd_ter_az = ter_az        JOIN io_termekkategoria ON ren_telep_tka_az = tka_az        JOIN io_bolt ON bol_az = ren_bol_az AND bol_del = 2       JOIN io_vevo ON vev_az = bol_vev_az        JOIN io_regio ON reg_az = vev_reg_az        JOIN io_lanc ON lan_az = reg_lan_az AND lan_del = 0        WHERE ren_del = 0          AND bol_del = 2          AND ren_telep_tka_az > 0          AND lan_az = '" . $_lan_az . "'        LIMIT 1")
    • requires:
      • 497: if(isset($_REQUEST['do_bb']))
      • 536: elseif($_REQUEST['do_bb'] == 'delete')
SQL Injection

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $cond_telepek is not initialized and http://php.net/register_globals is enabled
  • 570: select $eredmeny = $pdo->select ("SELECT   DISTINCT lan_tul_nev, lan_tul_cim, lan_cim, lan_telefon, lan_email   FROM io_lanc   LEFT JOIN io_istallo ON ist_lan_az = lan_az AND ist_del = 0   WHERE lan_del = 0     AND lan_telep = 1 AND lan_is_kereskedelem = 0    AND lan_tul_nev <> '' $cond_telepek  ORDER BY lan_tul_nev, lan_tul_cim")
    • requires:
      • 569: if($funkcio == "owner_list")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 579: print print "<div>" . "<button type=\"button\" title=\"" . __VISSZA . "\" class=\"btn_back_2_img\" onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></button>  </div>"
    • requires:
      • 569: if($funkcio == "owner_list")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $lan_aktiv_e is not initialized and http://php.net/register_globals is enabled
  • 613: $lan_aktiv_e = varset ($lan_aktiv_e1)
  • 629: print print $form->select ('lan_aktiv_e'[2=>'-- ' . __OSSZES . ' --'0=>__NEMAKTIV1=>__AKTIV'----------'=>[9=>__TOROLT]]$lan_aktiv_e['title'=>__STATUSZ'title_display'=>'before''class'=>'legordulo''prefix'=>'<div class="pull-left" style="padding: 0 2px 0 0;">''suffix'=>'</div>'])
    • requires:
      • 612: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 655: print print "<button type=\"button\" value=\"" . __LISTA . " : " . __TULAJDONOS . "\" title=\"" . __LISTA . " : " . __TULAJDONOS . "\" data-toggle=\"tooltip\" class=\"btn btn-legacy\" onClick=\"location.href='index.php?prg=$prg&alp=$alp&funkcio=owner_list'\">"
    • requires:
      • 612: if($funkcio == "")
SQL Injection

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $cond_telepek is not initialized and http://php.net/register_globals is enabled
  • 684: $alap_feltetel = ""
  • 686: $_SESSION['lan_aktiv_e'] = 2 // if(!isset($_SESSION)),
  • 690: $lan_aktiv_e = $_SESSION['lan_aktiv_e'] // if(!isset($lan_aktiv_e)),
  • 613: $lan_aktiv_e = varset ($lan_aktiv_e1)
  • 697: $alap_feltetel .= " AND lan_aktiv='" . $lan_aktiv_e . "'" // if($lan_aktiv_e != 2 && $lan_aktiv_e != 9),
  • 700: select $eredmeny = $pdo->select ("SELECT *,        SUM(ist_ferohely) as sum_ferohely,        GROUP_CONCAT(DISTINCT lag_nev ORDER BY lag_nev SEPARATOR ', ') as x_lag_nev      FROM io_lanc   LEFT JOIN io_istallo ON ist_lan_az=lan_az AND ist_del=0   LEFT JOIN io_lan2lag ON l2l_lan_az=lan_az  LEFT JOIN io_lanc_group ON l2l_lag_az=lag_az  WHERE 1     AND lan_telep = 1 AND lan_is_kereskedelem = 0 $cond_telepek $alap_feltetel   " . (" AND lan_del=0 " : " AND lan_del=1 ") . "   GROUP BY lan_az  ORDER BY lan_nev ASC ")
    • requires:
      • 612: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $arr_lan_profil is not initialized and http://php.net/register_globals is enabled
  • 726: print print "<td class=\"tabla_cella\">" . $arr_lan_profil[$sor"lan_profil_az"]['title'] . "</td>"
    • requires:
      • 612: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 855: $sor = $pdo->retrieve('io_lanc''*'['lan_az'=>$aktualis'lan_del'=>0]) // , trace stopped
  • 0: $jog is not initialized and http://php.net/register_globals is enabled
  • 899: echo echo Animal::getform()->phonenumber('lan_telefon' : $sor['lan_telefon']NULL['wrapper'=>'tr''disabled'=>$jog == 1'validator'=>['name'=>'validatePhoneNumber''params'=>['...lan_telefon']]])
    • requires:
      • 844: if($funkcio == "modosit")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 855: $sor = $pdo->retrieve('io_lanc''*'['lan_az'=>$aktualis'lan_del'=>0]) // , trace stopped
  • 0: $jog is not initialized and http://php.net/register_globals is enabled
  • 909: echo echo Animal::getform()->faxnumber('lan_fax' : $sor['lan_fax']NULL['wrapper'=>'tr''disabled'=>$jog == 1'validator'=>['name'=>'validateFaxNumber''params'=>['...lan_fax']]])
    • requires:
      • 844: if($funkcio == "modosit")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $arr_takszallitas_mod is not initialized and http://php.net/register_globals is enabled
  • 933: foreach($arr_takszallitas_mod as $k=>$v)
  • 934: $sel = " selected" : ""
  • 935: print print "<option value=\"" . $k . "\"" . $sel . ">" . $v['title'] . " " . (" [x]" : "") . "</option>"
    • requires:
      • 844: if($funkcio == "modosit")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $arr_lan_profil is not initialized and http://php.net/register_globals is enabled
  • 955: foreach($arr_lan_profil as $k=>$v)
  • 956: $sel = " selected" : ""
  • 957: print print "<option value=\"" . $k . "\"" . $sel . ">" . $v['title'] . " " . (" [x]" : "") . "</option>"
    • requires:
      • 844: if($funkcio == "modosit")
SQL Injection

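User input reaches a sensitive sink. Triage note: on the path shown, `$aktualis` is the return value of `$pdo->insert()` (lines 434 and 480), presumably the new row id rather than the submitted text, so this trace may be a false positive; confirm what `insert()` returns and where else `$aktualis` is set. Binding `$aktualis` as a parameter or casting it to int at line 1033 settles the question either way.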
  • 0: $lan_nev is not initialized and http://php.net/register_globals is enabled
  • 434: $lan_az = $pdo->insert ('io_lanc'['lan_nev'=>$lan_nev : '''lan_telep'=>1'lan_cim'=>$lan_cim : '''lan_email'=>$lan_email : '''lan_telefon'=>$lan_telefon : '''lan_fax'=>$lan_fax : '''lan_kapcsolat'=>$lan_kapcsolat : '''lan_takszallitas_mod'=>(int) // if($jog == 2 && isset($mentes)), if(!empty($aktualis)) else , if(empty($arr_hiba)),
  • 480: $aktualis = $lan_az // if($jog == 2 && isset($mentes)), if(!empty($aktualis)) else , if(empty($arr_hiba)), if($lan_az),
  • 1033: select $valasztottRaktarak = $pdo->select ("SELECT      bol_az     FROM io_bolt   JOIN io_vevo ON bol_vev_az = vev_az   JOIN io_regio ON vev_reg_az = reg_az      JOIN io_lanc ON lan_az = reg_lan_az   LEFT JOIN io_raktar2lanc ON bol_az = r2l_rak_az AND r2l_lan_az = '" . $aktualis . "'  WHERE reg_lan_az = " . RAKTAR_LAN_AZ . " AND bol_del = 0 AND bol_is_kereskedelem=0  GROUP BY bol_az     HAVING COUNT(DISTINCT r2l_lan_az) > 0  ORDER BY bol_nev"[]PDO::FETCH_COLUMN)
    • requires:
      • 844: if($funkcio == "modosit")
SQL Injection

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $lan_nev is not initialized and http://php.net/register_globals is enabled
  • 434: $lan_az = $pdo->insert ('io_lanc'['lan_nev'=>$lan_nev : '''lan_telep'=>1'lan_cim'=>$lan_cim : '''lan_email'=>$lan_email : '''lan_telefon'=>$lan_telefon : '''lan_fax'=>$lan_fax : '''lan_kapcsolat'=>$lan_kapcsolat : '''lan_takszallitas_mod'=>(int) // if($jog == 2 && isset($mentes)), if(!empty($aktualis)) else , if(empty($arr_hiba)),
  • 480: $aktualis = $lan_az // if($jog == 2 && isset($mentes)), if(!empty($aktualis)) else , if(empty($arr_hiba)), if($lan_az),
  • 1181: select $_res = $pdo->select ("SELECT g.*,        COUNT(l2l_lan_az) as cnt_lan_az   FROM io_lanc_group g   LEFT JOIN io_lan2lag ON l2l_lag_az = g.lag_az     AND l2l_lan_az = '{$aktualis}'  WHERE 1 AND g.lag_del=0  GROUP BY g.lag_az  ORDER BY cnt_lan_az DESC, g.lag_nev")
    • requires:
      • 844: if($funkcio == "modosit")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 1325: print print "<tr><td colspan=10 align=\"right\" class=\"tabla_cella\">   <button type=\"submit\" class=\"btn_save_2_img\" name=\"mentes\" title=\"" . __MENTES . "\" value=\"" . __MENTES . "\"></button>&nbsp;&nbsp;" . "<button type=\"button\" class=\"btn_back_2_img\" title=\"" . __MEGSE . "\" value=\"" . __MEGSE . "\"   onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></button></td></tr>"
    • requires:
      • 844: if($funkcio == "modosit")
      • 1324: if($jog == 2)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 1331: print print "<tr><td colspan=10 align=\"right\" class=\"tabla_cella\">   <button type=\"button\" class=\"gomb\" title=\"" . __VISSZA . "\"   onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></button></td></tr>"
    • requires:
      • 844: if($funkcio == "modosit")
      • 1330: if($jog == 2) else 
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $lan_nev is not initialized and http://php.net/register_globals is enabled
  • 434: $lan_az = $pdo->insert ('io_lanc'['lan_nev'=>$lan_nev : '''lan_telep'=>1'lan_cim'=>$lan_cim : '''lan_email'=>$lan_email : '''lan_telefon'=>$lan_telefon : '''lan_fax'=>$lan_fax : '''lan_kapcsolat'=>$lan_kapcsolat : '''lan_takszallitas_mod'=>(int) // if($jog == 2 && isset($mentes)), if(!empty($aktualis)) else , if(empty($arr_hiba)),
  • 480: $aktualis = $lan_az // if($jog == 2 && isset($mentes)), if(!empty($aktualis)) else , if(empty($arr_hiba)), if($lan_az),
  • 1340: print print "<input type=\"hidden\" name=\"aktualis\" value=\"$aktualis\"><br/>"
    • requires:
      • 844: if($funkcio == "modosit")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $lan_nev is not initialized and http://php.net/register_globals is enabled
  • 1790: print print " value=\"$lan_nev\""
    • requires:
      • 1776: if($funkcio == "felvitel")
      • 1789: if(isset($lan_nev))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $lan_cim is not initialized and http://php.net/register_globals is enabled
  • 1797: print print " value=\"$lan_cim\""
    • requires:
      • 1776: if($funkcio == "felvitel")
      • 1796: if(isset($lan_cim))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $lan_email is not initialized and http://php.net/register_globals is enabled
  • 1804: print print "<textarea name=\"lan_email\"" . (" disabled" : "") . " class=\"bevitel ta_memo\" rows='2'>" . $lan_email . "</textarea>"
    • requires:
      • 1776: if($funkcio == "felvitel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $lan_email_kuld is not initialized and http://php.net/register_globals is enabled
  • 1811: print print "<textarea name=\"lan_email_kuld\"" . (" disabled" : "") . " class=\"bevitel ta_memo\" rows='2'>" . $lan_email_kuld . "</textarea>"
    • requires:
      • 1776: if($funkcio == "felvitel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $lan_telefon is not initialized and http://php.net/register_globals is enabled
  • 1816: echo echo Animal::getform()->phonenumber('lan_telefon'$lan_telefonNULL['wrapper'=>'tr''disabled'=>$jog == 1'validator'=>['name'=>'validatePhoneNumber''params'=>['...lan_telefon']]])
    • requires:
      • 1776: if($funkcio == "felvitel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $lan_fax is not initialized and http://php.net/register_globals is enabled
  • 1825: echo echo Animal::getform()->faxnumber('lan_fax'$lan_faxNULL['wrapper'=>'tr''disabled'=>$jog == 1'validator'=>['name'=>'validateFaxNumber''params'=>['...lan_fax']]])
    • requires:
      • 1776: if($funkcio == "felvitel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $lan_kapcsolat is not initialized and http://php.net/register_globals is enabled
  • 1837: print print " value=\"$lan_kapcsolat\""
    • requires:
      • 1776: if($funkcio == "felvitel")
      • 1836: if(isset($lan_kapcsolat))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $arr_takszallitas_mod is not initialized and http://php.net/register_globals is enabled
  • 1844: foreach($arr_takszallitas_mod as $k=>$v)
  • 1845: $sel = " selected" : ""
  • 1846: print print "<option value=\"" . $k . "\"" . $sel . ">" . $v['title'] . " " . (" [x]" : "") . "</option>"
    • requires:
      • 1776: if($funkcio == "felvitel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $arr_lan_profil is not initialized and http://php.net/register_globals is enabled
  • 1864: foreach($arr_lan_profil as $k=>$v)
  • 1865: $sel = " selected" : ""
  • 1866: print print "<option value=\"" . $k . "\"" . $sel . ">" . $v['title'] . " " . (" [x]" : "") . "</option>"
    • requires:
      • 1776: if($funkcio == "felvitel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $lan_felugyelo is not initialized and http://php.net/register_globals is enabled
  • 1874: print print " value='" . $lan_felugyelo . "' "
    • requires:
      • 1776: if($funkcio == "felvitel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $lan_tenyeszetkod is not initialized and http://php.net/register_globals is enabled
  • 1907: print print " value=\"" . ($lan_tenyeszetkod) . "\" class=\"bevitel\" size=40></td></tr>"
    • requires:
      • 1776: if($funkcio == "felvitel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $lan_mvh_regszam is not initialized and http://php.net/register_globals is enabled
  • 1914: print print " value=\"" . ($lan_mvh_regszam) . "\" class=\"bevitel\" size=40></td></tr>"
    • requires:
      • 1776: if($funkcio == "felvitel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $lan_tart_hely_azon is not initialized and http://php.net/register_globals is enabled
  • 1937: print print " value=\"" . ($lan_tart_hely_azon) . "\" class=\"bevitel\" size=40></td></tr>"
    • requires:
      • 1776: if($funkcio == "felvitel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $lan_talalkozasipont is not initialized and http://php.net/register_globals is enabled
  • 1944: print print " value=\"" . ($lan_talalkozasipont) . "\" class=\"bevitel\" size=40></td></tr>"
    • requires:
      • 1776: if($funkcio == "felvitel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 1970: print print "<tr><td colspan=4 align=\"right\" class=\"tabla_cella\">   <button type=\"submit\" class=\"btn_save_2_img\" name=\"mentes\" value=\"" . __MENTES . "\" title=\"" . __MENTES . "\"></button>&nbsp;&nbsp;" . "<button type=\"button\" class=\"btn_back_2_img\" value=\"" . __MEGSE . "\"   onClick=\"location.href='index.php?prg=" . $prg . "&alp=" . $alp . "'\"></button></td></tr>"
    • requires:
      • 1776: if($funkcio == "felvitel")

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/kevero.php

Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 237: print print "<button type=\"button\" class=\"btn_back_2_img\" titlee=\"" . __MEGSE . "\" onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></button></td></tr>"
    • requires:
      • 195: if($funkcio == "modosit" && !empty($aktualis))
      • 233: if($jog == 2)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 241: print print "<button type=\"button\" class=\"btn_back_2_img\" title=\"" . __VISSZA . "\" onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></button></td></tr>"
    • requires:
      • 195: if($funkcio == "modosit" && !empty($aktualis))
      • 239: if($jog == 2) else 
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $kev_nev is not initialized and http://php.net/register_globals is enabled
  • 266: print print " value=\"$kev_nev\""
    • requires:
      • 258: if($funkcio == "felvitel")
      • 265: if(isset($kev_nev))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $kev_cim is not initialized and http://php.net/register_globals is enabled
  • 273: print print " value=\"$kev_cim\""
    • requires:
      • 258: if($funkcio == "felvitel")
      • 272: if(isset($kev_cim))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $kev_email is not initialized and http://php.net/register_globals is enabled
  • 278: print print "<td class=\"tabla_cella col_field\"><textarea class=\"bevitel ta_memo\" name=\"kev_email\">" . $kev_email . "</textarea>"
    • requires:
      • 258: if($funkcio == "felvitel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $kev_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 285: print print $kev_megjegyzes
    • requires:
      • 258: if($funkcio == "felvitel")
      • 284: if(isset($kev_megjegyzes))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 295: print print "<button type=\"button\" class=\"btn_back_2_img\" title=\"" . __MEGSE . "\" onClick=\"location.href='index.php?prg=" . $prg . "&alp=" . $alp . "'\"></button>"
    • requires:
      • 258: if($funkcio == "felvitel")

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/vevo_profil.php

Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 43: $entity_id = !$_REQUEST['entity_id'] : NULL // if($action == 'delete'),
  • 47: $entity = Animal::getentity ('vevo_profil'$entity_id) // if($action == 'delete'), if($entity_id),
  • 53: $action = 'list' // if($action == 'delete'),
  • 31: $action = 'edit' // if($action == 'new' || $action == 'edit'), if(isset($_REQUEST)), if($valid === TRUE),
  • 12: $_REQUEST['action'] = 'list' // if(!isset($_REQUEST)),
  • 16: $action = !$_REQUEST['action'] : 'list'
  • 60: print print geteditform ($entity$action)
    • requires:
      • 56: switch($action)
      • 58:  case 'edit' : 

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/termek_elszamoloar.php

Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 243: print print "<tr><td colspan=4 align=\"right\" class=\"tabla_cella\">   <button type=\"submit\" class=\"btn_save_2_img\" name=\"mentes\" title=\"" . __MENTES . "\"></button>" . "&nbsp;" . "<button type=\"button\" class=\"btn_back_2_img\" title=\"" . __MEGSE . "\" onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></button></td></tr>"
    • requires:
      • 220: if($funkcio == "modosit" && !empty($aktualis))
      • 242: if($jog == 2)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 249: print print "<tr><td colspan=4 align=\"right\" class=\"tabla_cella\">   <button type=\"button\" class=\"btn_back_2_img\" title=\"" . __VISSZA . "\" onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></button></td></tr>"
    • requires:
      • 220: if($funkcio == "modosit" && !empty($aktualis))
      • 248: if($jog == 2) else 
Cross-Site Scripting

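User input reaches a sensitive sink. Besides the echo at line 295, note line 260: `unserialize()` runs on the stored `ela_adat` column, and line 113 suggests that column is filled from `$_REQUEST['aela']` (the save path is not shown here; verify). If so, restrict deserialisation with `['allowed_classes' => false]` or store the data as JSON, and HTML-encode `$v['kgig']` on output.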
  • 260: $_a = unserialize($sor['ela_adat']) // , trace stopped
  • 263: foreach($_a as $k=>$v) // if(is_array($_a) && sizeof($_a)),
  • 113: foreach($_REQUEST['aela'] as $k=>$v) // if(isset($mentes)), if(!empty($aktualis)) else , if(is_array($_REQUEST) && sizeof($_REQUEST)),
  • 265: $tmp[] = $v // if(is_array($_a) && sizeof($_a)), if(($v * 1.0) > 0.0),
  • 269: $_a = $tmp
  • 287: foreach($_a as $k=>$v)
  • 295: echo echo $v['kgig']
    • requires:
      • 220: if($funkcio == "modosit" && !empty($aktualis))
      • 288: if($v['kgig'])
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 260: $_a = unserialize($sor['ela_adat']) // , trace stopped
  • 263: foreach($_a as $k=>$v) // if(is_array($_a) && sizeof($_a)),
  • 113: foreach($_REQUEST['aela'] as $k=>$v) // if(isset($mentes)), if(!empty($aktualis)) else , if(is_array($_REQUEST) && sizeof($_REQUEST)),
  • 265: $tmp[] = $v // if(is_array($_a) && sizeof($_a)), if(($v * 1.0) > 0.0),
  • 269: $_a = $tmp
  • 287: foreach($_a as $k=>$v)
  • 298: echo echo $v['ar']
    • requires:
      • 220: if($funkcio == "modosit" && !empty($aktualis))
      • 288: if($v['kgig'])
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 320: print print "<input type=\"button\" class=\"gomb btn_back_2_img\" value=\"" . __MEGSE . "\" onClick=\"location.href='index.php?prg=" . $prg . "&alp=" . $alp . "'\"></td>"
    • requires:
      • 220: if($funkcio == "modosit" && !empty($aktualis))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $ela_kod is not initialized and http://php.net/register_globals is enabled
  • 336: print print "<td class=\"tabla_cella col_field\"><input type=\"text\" name=\"ela_kod\"" . (" value=\"$ela_kod\"" : "") . " class=\"bevitel\" size=20></td></tr>"
    • requires:
      • 330: if($funkcio == "felvitel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $ela_dt is not initialized and http://php.net/register_globals is enabled
  • 340: print print "<td class=\"tabla_cella col_field_0\"><input type=\"text\" name=\"ela_dt\"" . (" value=\"$ela_dt\"" : "") . " class=\"bevitel dt_picker_yymmdd\" size=10></td></tr>"
    • requires:
      • 330: if($funkcio == "felvitel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $ela_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 347: print print "<td class=\"tabla_cella col_field\"><textarea name=\"ela_megjegyzes\"" . (" disabled" : "") . " wrap=\"on\" class=\"bevitel ta_memo\">" . $ela_megjegyzes . "</textarea></td></tr>"
    • requires:
      • 330: if($funkcio == "felvitel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 353: print print "<button type=\"button\" class=\"btn_back_2_img\" title=\"" . __MEGSE . "\" onClick=\"location.href='index.php?prg=" . $prg . "&alp=" . $alp . "'\"></button></td>"
    • requires:
      • 330: if($funkcio == "felvitel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 360: $_a = $_REQUEST['aela']
  • 376: foreach($_a as $k=>$v)
  • 384: echo echo $v['kgig']
    • requires:
      • 330: if($funkcio == "felvitel")
      • 375: if(is_array($_a) && sizeof($_a))
      • 377: if($v['kgig'])
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 360: $_a = $_REQUEST['aela']
  • 376: foreach($_a as $k=>$v)
  • 387: echo echo $v['ar']
    • requires:
      • 330: if($funkcio == "felvitel")
      • 375: if(is_array($_a) && sizeof($_a))
      • 377: if($v['kgig'])
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 410: print print "<input type=\"button\" class=\"gomb btn_back_2_img\" value=\"" . __MEGSE . "\" onClick=\"location.href='index.php?prg=" . $prg . "&alp=" . $alp . "'\"></td>"
    • requires:
      • 330: if($funkcio == "felvitel")

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/includes/arkalkulator.list.php

Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $list is not initialized and http://php.net/register_globals is enabled
  • 44: foreach($list as $k=>$sor)
  • 46: echo echo $sor['ark_az']
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $list is not initialized and http://php.net/register_globals is enabled
  • 44: foreach($list as $k=>$sor)
  • 47: echo echo $sor['ark_nev']
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $list is not initialized and http://php.net/register_globals is enabled
  • 44: foreach($list as $k=>$sor)
  • 48: echo echo $sor['country_name']
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $list is not initialized and http://php.net/register_globals is enabled
  • 44: foreach($list as $k=>$sor)
  • 49: echo echo $sor['profile_name']
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $list is not initialized and http://php.net/register_globals is enabled
  • 44: foreach($list as $k=>$sor)
  • 54: echo echo $sor['ark_az']
    • requires:
      • 52: if($jog == 2)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $list is not initialized and http://php.net/register_globals is enabled
  • 44: foreach($list as $k=>$sor)
  • 63: echo echo $sor['ark_az']
    • requires:
      • 61: if($jog == 2)

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/includes/arkalkulator.php

Code Execution

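User input is used as a dynamic function name; arbitrary functions may be called. Triage note: in this trace `$lowercase` is assigned a closure around `mb_strtolower()` at line 344, and the variable reported as tainted is the closure's own parameter `$str`, so this looks like a false positive. It would matter only if line 344 can be skipped while `$lowercase` is settable from the request (the ajanlatok.php trace shows the assignment under `if($funkcio == "modosit")`), so initialise `$lowercase` unconditionally.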
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str)
  • 465: $lowercase $lowercase($const['__EV'])}
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str)
  • 475: $lowercase $lowercase($const['__SHORT_MONTH'])}
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str)
  • 560: $lowercase $lowercase($const['__DARAB'])}
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str)
  • 571: $lowercase $lowercase($const['__DARAB'])}
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str)
  • 582: $lowercase $lowercase($const['__DARAB'])}
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str)
  • 590: $lowercase $lowercase($const['__DARAB'])}
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str)
  • 601: $lowercase $lowercase($const['__DB'])}
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str)
  • 601: $lowercase $lowercase($const['__TYUK'])}
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str)
  • 634: $lowercase $lowercase($const['__DARAB'])}
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str)
  • 645: $lowercase $lowercase($const['__DARAB'])}
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str)
  • 656: $lowercase $lowercase($const['__DARAB'])}
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str)
  • 664: $lowercase $lowercase($const['__DARAB'])}
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str)
  • 675: $lowercase $lowercase($const['__DB'])}
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str)
  • 675: $lowercase $lowercase($const['__TYUK'])}
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str)
  • 700: $lowercase $lowercase($const['__MODUL'])}
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str)
  • 700: $lowercase $lowercase($const['__DB'])}
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str)
  • 888: $lowercase $lowercase($const['__EV'])}
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str)
  • 1083: $lowercase $lowercase($const['__MODUL'])}
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str)
  • 1086: $lowercase $lowercase($const['__EV'])}
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str)
  • 1415: $lowercase $lowercase($const['__EV'])}
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str)
  • 1419: $lowercase $lowercase($const['__TELEP'])}
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str)
  • 1431: $lowercase $lowercase($const['__FELHASZNALO'])}
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str)
  • 1443: $lowercase $lowercase($const['__EV'])}
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str)
  • 1471: $lowercase $lowercase($const['__OSSZESEN'])}

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log_db.php

Code Execution

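User input is used as a dynamic function name; arbitrary functions may be called. The call `$func($params)` at line 172 of functions_hmd.inc.php uses a name assembled from a variable; the trace is too garbled to tell where that variable comes from, so confirm that the name is checked against a fixed allow-list of functions before the call.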
  • 0: $_func0 is not initialized and http://php.net/register_globals is enabled
  • 170: $func = $_func0 . '0' // functions_hmd.inc.phpif(is_numeric($method)) else ,
  • 172: $func $func($params) // functions_hmd.inc.php
SQL Injection

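User input reaches a sensitive sink: `$_POST['ldb_tabla']` is concatenated into the WHERE clause inside double quotes with no escaping (line 393), while the neighbouring `ldb_fel_az` condition is cast with `(int)` (line 397). Pass `ldb_tabla` as a bound parameter, or compare it against the list of known table names before use.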
  • 397: $conds[] = 'ldb_fel_az = ' . (int)$_POST['ldb_fel_az'] // if(!empty($_POST)),
  • 393: $conds[] = 'ldb_tabla = "' . $_POST['ldb_tabla'] . '"' // if(!empty($_POST)),
  • 400: $conds = implode(' AND '$conds)
  • 402: select $rows = $pdo->select ('SELECT *      FROM io_log_db      LEFT JOIN io_felhasznalo ON ldb_fel_az = fel_az      WHERE ' . $conds . '     ORDER BY ldb_letrejott DESC')

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/ajanlatok.php

SQL Injection

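User input reaches a sensitive sink. $ark_parent_az is interpolated unquoted into the WHERE clause on line 247, so the fix is to cast it to an integer or bind it as a parameter. The source at line 0 relies on register_globals, which was removed in PHP 5.4; the finding holds only if the application still imports request variables into global scope by some other means, which this report does not show.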
  • 0: $ark_parent_az is not initialized and http://php.net/register_globals is enabled
  • 247: select $res0 = $pdo->select ("SELECT * FROM io_arkalkulacio WHERE ark_az=$ark_parent_az")
    • requires:
      • 185: if(isset($mentes) || (isset($ark_copy) && $aktualis))
      • 227: if(isset($aktualis)) else 
      • 244: if(!sizeof($arr_hiba))
Cross-Site Scripting

User input reaches a sensitive sink. Line 478 prints $ark_email inside a double-quoted HTML attribute; encode it at the point of output with htmlspecialchars($ark_email, ENT_QUOTES, 'UTF-8').
  • 0: $ark_email is not initialized and http://php.net/register_globals is enabled
  • 478: print print " value=\"$ark_email\""
    • requires:
      • 444: if($funkcio == "felvitel")
      • 477: if(isset($ark_email))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 491: print print "<tr><td colspan=4 align=\"right\" class=\"tabla_cella\">     <button type=\"submit\" class=\"btn_save_2_img\" name=\"mentes\" data-toggle=\"tooltip\" value=\"" . __MENTES . "\"></button>" . "&nbsp;&nbsp;" . "<button type=\"button\" class=\"btn_back_2_img\" data-toggle=\"tooltip\" value=\"" . __MEGSE . "\" title=\"" . __MEGSE . "\"     onClick=\"location.href='index.php?prg=" . $prg . "&alp=" . $alp . "'\"></button></td></tr>"
    • requires:
      • 444: if($funkcio == "felvitel")
Code Execution

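User input is used as a dynamic function name. Arbitrary functions may be called. Triage note: every $lowercase entry for arkalkulator.php traces back to the same closure assigned on line 344 and called with an element of $const, so these entries should be reviewed once as a group; the callee is defined in code, and the finding depends on $str, which is the closure's own parameter.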
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.phpif($funkcio == "modosit"),
  • 465: $lowercase $lowercase($const['__EV'])} // arkalkulator.php
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.phpif($funkcio == "modosit"),
  • 475: $lowercase $lowercase($const['__SHORT_MONTH'])} // arkalkulator.php
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.phpif($funkcio == "modosit"),
  • 560: $lowercase $lowercase($const['__DARAB'])} // arkalkulator.php
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.phpif($funkcio == "modosit"),
  • 571: $lowercase $lowercase($const['__DARAB'])} // arkalkulator.php
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.phpif($funkcio == "modosit"),
  • 582: $lowercase $lowercase($const['__DARAB'])} // arkalkulator.php
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.phpif($funkcio == "modosit"),
  • 590: $lowercase $lowercase($const['__DARAB'])} // arkalkulator.php
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.phpif($funkcio == "modosit"),
  • 601: $lowercase $lowercase($const['__DB'])} // arkalkulator.php
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.phpif($funkcio == "modosit"),
  • 601: $lowercase $lowercase($const['__TYUK'])} // arkalkulator.php
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.phpif($funkcio == "modosit"),
  • 634: $lowercase $lowercase($const['__DARAB'])} // arkalkulator.php
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.phpif($funkcio == "modosit"),
  • 645: $lowercase $lowercase($const['__DARAB'])} // arkalkulator.php
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.phpif($funkcio == "modosit"),
  • 656: $lowercase $lowercase($const['__DARAB'])} // arkalkulator.php
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.phpif($funkcio == "modosit"),
  • 664: $lowercase $lowercase($const['__DARAB'])} // arkalkulator.php
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.phpif($funkcio == "modosit"),
  • 675: $lowercase $lowercase($const['__DB'])} // arkalkulator.php
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.phpif($funkcio == "modosit"),
  • 675: $lowercase $lowercase($const['__TYUK'])} // arkalkulator.php
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.phpif($funkcio == "modosit"),
  • 700: $lowercase $lowercase($const['__MODUL'])} // arkalkulator.php
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.phpif($funkcio == "modosit"),
  • 700: $lowercase $lowercase($const['__DB'])} // arkalkulator.php
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.phpif($funkcio == "modosit"),
  • 888: $lowercase $lowercase($const['__EV'])} // arkalkulator.php
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.phpif($funkcio == "modosit"),
  • 1083: $lowercase $lowercase($const['__MODUL'])} // arkalkulator.php
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.phpif($funkcio == "modosit"),
  • 1086: $lowercase $lowercase($const['__EV'])} // arkalkulator.php
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.phpif($funkcio == "modosit"),
  • 1415: $lowercase $lowercase($const['__EV'])} // arkalkulator.php
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.phpif($funkcio == "modosit"),
  • 1419: $lowercase $lowercase($const['__TELEP'])} // arkalkulator.php
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.phpif($funkcio == "modosit"),
  • 1431: $lowercase $lowercase($const['__FELHASZNALO'])} // arkalkulator.php
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.phpif($funkcio == "modosit"),
  • 1443: $lowercase $lowercase($const['__EV'])} // arkalkulator.php
Code Execution

Userinput is used as dynamic function name. Arbitrary functions may be called.
  • 0: $str is not initialized and http://php.net/register_globals is enabled
  • 344: $lowercase =  function ($str){returnmb_strtolower($str) // arkalkulator.phpif($funkcio == "modosit"),
  • 1471: $lowercase $lowercase($const['__OSSZESEN'])} // arkalkulator.php
Cross-Site Scripting

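User input reaches a sensitive sink. Line 519 interpolates $prg and $alp into the form's action attribute; HTML-encode both at output and, since they appear to select a module and sub-page, validate them against the set of known values before use.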
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 519: print print "<form method=\"post\" id=\"frm_jump\" name=\"frm_jump\" action=\"?prg=$prg&alp=$alp\" style=\"margin:0px;padding:0px;\">"
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 6: $const = get_defined_constants() // arkalkulator.phpif($funkcio == "modosit"),
  • 537: $alapArlistak = $form->select ('ark_parent_az'["--- " . __VALASSZON . " ---"] + getalaparlistaoptions ($profileNames$profileNameIds)$sor['ark_parent_az']['id'=>'ark_parent_az''class'=>'legordulo''disabled'=>'disabled']) // , trace stopped
  • 0: $ark_parent_az is not initialized and http://php.net/register_globals is enabled
  • 260: $row0['ark_parent_az'] = $ark_parent_az // if(isset($mentes) || (isset($ark_copy) && $aktualis)), if(isset($aktualis)) else , if(!sizeof($arr_hiba)), if(!empty($res0)),
  • 264: $aktualis = $pdo->insert ('io_arkalkulacio'$row0) // if(isset($mentes) || (isset($ark_copy) && $aktualis)), if(isset($aktualis)) else , if(!sizeof($arr_hiba)), if(!empty($res0)),
  • 351: $sor = Animal::getentity ('arkalkulacio'$aktualis)->getvalues () // arkalkulator.php
  • 550: $statusButton1State = 'hidden' // if($sor == 0) else ,
  • 547: $statusButton2State = 'hidden' // if($sor == 0),
  • 544: $statusButton2State = ''
  • 1041: $statusButton2State = 'hidden' // arkalkulator.phpif(empty($sor)),
  • 1034: $statusButton2State = 'hidden' // arkalkulator.phpif($sor == 0),
  • 1031: $statusButton2State = '' // arkalkulator.php
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 266: $css = <<<HTML <style type="text/css">     .cella_profil {         background: #efefef;     }      tr.hidden {         display: none;     }      .active-profil-cella {         background: #fff;     }      .arlista_hidden {         display: none;     }      .active-profil-cella.profile-radio label {         font-weight: bold;     }      .profil-tabla td {         font-size: 12px;     }      #kalkulacio td {         font-size: 12px;     }      #kalkulacio tr.red td {         color: red;     }      #kalkulacio .ertek {         padding-right: 5px;         text-align: right !important;     }      #kalkulacio .ertek.bold {         font-weight: bold;     }      #kalkulacio .ertek::after {         content: ' \\20AC';     }      .summatext b {         padding-left: 5px;     }      tr.section_darabszam input[type="text"]{         font-size: 14px !important;     }      @media print {         .ark-no-print {             display: none !important;         }          input,         input:disabled {             border: 0 !important;             background-color: #fff !important;         }         textarea {             border: 0 !important;         }         td {             padding-top: 0 !important;             padding-bottom: 0 !important;         }         .tabla_lablec {             height: auto !important;         }     } </style> HTML // arkalkulator.phpif($funkcio == "modosit"),
  • 0: $ark_parent_az is not initialized and http://php.net/register_globals is enabled
  • 260: $row0['ark_parent_az'] = $ark_parent_az // if(isset($mentes) || (isset($ark_copy) && $aktualis)), if(isset($aktualis)) else , if(!sizeof($arr_hiba)), if(!empty($res0)),
  • 264: $aktualis = $pdo->insert ('io_arkalkulacio'$row0) // if(isset($mentes) || (isset($ark_copy) && $aktualis)), if(isset($aktualis)) else , if(!sizeof($arr_hiba)), if(!empty($res0)),
  • 351: $sor = Animal::getentity ('arkalkulacio'$aktualis)->getvalues () // arkalkulator.php
  • 353: $arlistaHideClass = isset($sor) && 'arlista_hidden' : 'ark-no-print' // arkalkulator.php
  • 373: $cim = __ARAJANLAT : __ARLISTA // arkalkulator.php
  • 371: $nevHidden = '' : 'hidden' // arkalkulator.php
  • 6: $const = get_defined_constants() // arkalkulator.phpif($funkcio == "modosit"),
  • 364: $nevInput = $form->text('ark_nev'$sor['ark_nev']NULL['id'=>'ark_nev''class'=>'bevitel''size'=>10'style'=>'width: 300px;']) // arkalkulator.php
  • 358: $countrySelect = $form->select ('ark_cou_id'$countries$sor['ark_cou_id']['class'=>'legordulo''disabled'=>!empty($sor['ark_parent_az'])'style'=>'width: 300px;']) // arkalkulator.php, trace stopped
  • 349: $editDisabled = 'disabled' : '' // arkalkulator.php
  • 10: $profileNames = ['tenyesztes'=>__TENYESZTES'tenyesztes_hizlalas'=>__TENYESZTES . ' + ' . __HIZLALAS'hizlalas'=>__HIZLALAS'hizlalas_broyler'=>__HIZLALAS . ' ' . __BROILER'tojas_eloallitas'=>__TOJAS_ELOALLITAS]
  • 379: $arlista = <<<HTML <div id="div_content">  <form method="post" id="save_helper_form">     <input type="hidden" value="{$sor['ark_az']}" name="aktualis">     <input type="hidden" value="modosit" name="funkcio"> </form>  <table border="0" cellpadding="0" cellspacing="0" class="tabla profil-tabla {$arlistaHideClass}" style="margin-bottom: 20px;">     <tr>         <td colspan="8" class="tabla_fejlec box_cim">{$cim}</td>     </tr>     <tr class="{$nevHidden}">         <td class="tabla_cella"><b>{$const['__NEV']}:</b></td>         <td class="tabla_cella" colspan="6">{$nevInput}</td>     </tr>     <tr>         <td class="tabla_cella"><b>{$const['__ORSZAG']}:</b></td>         <td class="tabla_cella" colspan="6">{$countrySelect}</td>     </tr>     <tr>         <td class="tabla_cella cella_profil" colspan="7">&nbsp;</td>     </tr>     <tr>         <td class="tabla_cella tabla_fejlec" colspan="2"><b>{$const['__PROFIL']}:</b></td>         <td class="tabla_cella tabla_fejlec cella_profil  cella_profil_1 profile-radio" style="text-align: center;width: 15%;">             <input type="radio" name="ark_profil" id="ark_profil_1" {$editDisabled} class="bevitel" value="1">             <label for="ark_profil_1" style="position: relative;top: -4px;">{$profileNames['tenyesztes']}</label>         </td>         <td class="tabla_cella tabla_fejlec cella_profil  cella_profil_2 profile-radio" style="text-align: center;">             <input type="radio" name="ark_profil" id="ark_profil_2" {$editDisabled} class="bevitel" value="2">             <label for="ark_profil_2" style="position: relative;top: -4px;"> // arkalkulator.php
  • 1072: $kalkulacio = <<<HTML     <table border="0" cellpadding="0" cellspacing="0" class="tabla" id="kalkulacio">         <tr>             <td colspan="6" class="tabla_fejlec box_cim">{$const['__ARAJANLAT']}</td>         </tr>         <tr>             <td class="tabla_cella" style="font-size: 14px; width: 20%;">&nbsp;</td>             <td class="tabla_cella" style="text-align: right; width: 10%;"><b>{$const['__EGYSEGAR']}</b></td>             <td class="tabla_cella" style="text-align: right; width: 10%"><b>{$const['__VARHATO_EVES_DIJ']}</b></td>             <td class="tabla_cella"></td>             <td class="tabla_cella" style="width: 18%; text-align: center;"><b>{$const['__KEDVEZMENY']} %</b></td>             <td class="tabla_cella" style="width: 18%; text-align: right;"><b>{$const['__EVES_DIJ']} / {$lowercase($const['__MODUL'])}</b></td>         </tr>         <tr id="k_0">             <td class="tabla_cella"><b>{$const['__HOZZAFERES']} / {$lowercase($const['__EV'])}:</b></td>             <td class="tabla_cella ertek fixed" style="width: 18%;" id="k_0_1"></td>             <td class="tabla_cella ertek" style="text-align: right; width: 18%;" id="k_0_2"></td>             <td class="tabla_cella"></td>             <td class="tabla_cella" style="text-align: center;">                 <input id="k_0_4" style="text-align: center; width: 96%;" type="text"  {$editDisabled} class="bevitel percent" size=10>             </td>             <td class="tabla_cella ertek" id="k_0_5"></td>         </tr>         <tr>             <td class="tabla_lablec" >&nbsp;</td>             <td class="tabla_lablec" ></td>             <td class="tabla_lablec" ></td>             <td class="tabla_lablec" ></td>             <td class="tabla_lablec" ></td>             <td class="tabla_lablec"></td>         </tr>          <tr>             <td colspan="6" class="tabla_fejlec box_cim">{$const['__PROFIL']}</td>         </tr>                 <tr id="k_1">             <td 
class="tabla_cella"><b>{$profileNames['tenyesztes'] // arkalkulator.php
  • 605: $page = $css . $arlista . $kalkulacio . '</div>' . <<<EOF <script>     $(document).ready(function() {         var priceCalculation = new Animal.priceCalculation();          priceCalculation.init(           {$sor['ark_az']},            {             saveText: '{$const['__MENTES_SIKERES']}',             copyText: '{$const['__MASOLAS_SIKERES']}' + ' ' + '{$const['__MASOLAT_UJ_ABLAK']}',           },           'index.php?prg={$prg}&alp={$alp}'         );     }); </script> EOF

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/alapanyag_csoportok.php

Cross-Site Scripting

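User input reaches a sensitive sink. On line 301, $prg and $alp land inside a JavaScript string within an onClick attribute, so HTML-encoding alone is not sufficient there: the browser decodes the attribute before the script runs. Validate both values against the known module identifiers, or URL-encode them and then HTML-encode the whole attribute value.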
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 301: print print "<tr><td colspan=4 align=\"right\" class=\"tabla_cella\">    <button type=\"submit\" class=\"btn_save_2_img\" name=\"mentes\" title=\"" . __MENTES . "\" value=\"" . __MENTES . "\"></button>&nbsp;&nbsp;" . "<button type=\"button\" class=\"btn_back_2_img\" title=\"" . __MEGSE . "\" value=\"" . __MEGSE . "\"    onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></button></td></tr>"
    • requires:
      • 246: if($funkcio == "modosit")
      • 300: if($jog == 2)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 307: print print "<tr><td colspan=4 align=\"right\" class=\"tabla_cella\">    <button type=\"button\" class=\"btn_back_2_img\" title=\"" . __VISSZA . "\" value=\"" . __VISSZA . "\"    onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></button></td></tr>"
    • requires:
      • 246: if($funkcio == "modosit")
      • 306: if($jog == 2) else 
Cross-Site Scripting

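User input reaches a sensitive sink. The value printed on line 316 is $aktualis, which this trace takes from the return value of $pdo->insert (line 137) or from $sor['acs_az'] (line 152); if that is a database-generated id, the tainted $acs_nev in the inserted row does not itself reach this sink. Confirm what insert() returns, and cast $aktualis to int before printing in either case.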
  • 147: $sor = $pdo->retrieve('io_alapanyag_csoport''*'['acs_az'=>$aktualis]) // if(isset($mentes)), if(isset($aktualis)) else , if(!sizeof($arr_hiba)), , trace stopped
  • 152: $aktualis = $sor['acs_az'] // if(isset($mentes)), if(isset($aktualis)) else , if(!sizeof($arr_hiba)),
  • 0: $acs_nev is not initialized and http://php.net/register_globals is enabled
  • 56: $aktiv = 1 // if(isset($mentes)), if(!isset($aktiv)) else ,
  • 137: $aktualis = $pdo->insert ('io_alapanyag_csoport'['acs_nev'=>$acs_nev'acs_megjegyzes'=>$acs_megjegyzes'acs_aktiv'=>$aktiv'acs_korrekcios'=>$acs_korrekcios'acs_ter_az'=>$acs_ter_az]) // if(isset($mentes)), if(isset($aktualis)) else , if(!sizeof($arr_hiba)),
  • 316: print print "<input type=\"hidden\" name=\"aktualis\" value=\"$aktualis\">"
    • requires:
      • 246: if($funkcio == "modosit")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $acs_nev is not initialized and http://php.net/register_globals is enabled
  • 329: print print " value=\"$acs_nev\""
    • requires:
      • 321: if($funkcio == "felvitel")
      • 328: if(isset($acs_nev))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $acs_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 336: print print $acs_megjegyzes
    • requires:
      • 321: if($funkcio == "felvitel")
      • 335: if(isset($acs_megjegyzes))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $acs_korrekcios is not initialized and http://php.net/register_globals is enabled
  • 355: print print $form->text('acs_korrekcios'$acs_korrekciosNULL['class'=>'bevitel'])
    • requires:
      • 321: if($funkcio == "felvitel")
      • 352: if(defset ('MOD_TAKARMANY'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 369: print print "<tr><td colspan=4 align=\"right\" class=\"tabla_cella\">    <button type=\"submit\" class=\"btn_save_2_img\" name=\"mentes\" title=\"" . __MENTES . "\" value=\"" . __MENTES . "\"></button>&nbsp;&nbsp;" . "<button type=\"button\" class=\"btn_back_2_img\" title=\"" . __MEGSE . "\" value=\"" . __MEGSE . "\"    onClick=\"location.href='index.php?prg=" . $prg . "&alp=" . $alp . "'\"></button></td></tr>"
    • requires:
      • 321: if($funkcio == "felvitel")

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/hypor_tattoo_series.php

Cross-Site Scripting

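User input reaches a sensitive sink. Every finding listed for this file concerns $prg or $alp echoed without encoding (lines 221–254, 418, 424 and 533), so one fix that validates or encodes the two values once, before any output, covers all of the entries below.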
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 221: echo echo $prg
    • requires:
      • 180: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $alp is not initialized and http://php.net/register_globals is enabled
  • 221: echo echo $alp
    • requires:
      • 180: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 224: echo echo $prg
    • requires:
      • 180: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $alp is not initialized and http://php.net/register_globals is enabled
  • 224: echo echo $alp
    • requires:
      • 180: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 227: echo echo $prg
    • requires:
      • 180: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $alp is not initialized and http://php.net/register_globals is enabled
  • 227: echo echo $alp
    • requires:
      • 180: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 230: echo echo $prg
    • requires:
      • 180: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $alp is not initialized and http://php.net/register_globals is enabled
  • 230: echo echo $alp
    • requires:
      • 180: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 233: echo echo $prg
    • requires:
      • 180: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $alp is not initialized and http://php.net/register_globals is enabled
  • 233: echo echo $alp
    • requires:
      • 180: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 236: echo echo $prg
    • requires:
      • 180: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $alp is not initialized and http://php.net/register_globals is enabled
  • 236: echo echo $alp
    • requires:
      • 180: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 239: echo echo $prg
    • requires:
      • 180: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $alp is not initialized and http://php.net/register_globals is enabled
  • 239: echo echo $alp
    • requires:
      • 180: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 242: echo echo $prg
    • requires:
      • 180: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $alp is not initialized and http://php.net/register_globals is enabled
  • 242: echo echo $alp
    • requires:
      • 180: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 245: echo echo $prg
    • requires:
      • 180: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $alp is not initialized and http://php.net/register_globals is enabled
  • 245: echo echo $alp
    • requires:
      • 180: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 248: echo echo $prg
    • requires:
      • 180: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $alp is not initialized and http://php.net/register_globals is enabled
  • 248: echo echo $alp
    • requires:
      • 180: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 251: echo echo $prg
    • requires:
      • 180: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $alp is not initialized and http://php.net/register_globals is enabled
  • 251: echo echo $alp
    • requires:
      • 180: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 254: echo echo $prg
    • requires:
      • 180: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $alp is not initialized and http://php.net/register_globals is enabled
  • 254: echo echo $alp
    • requires:
      • 180: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 418: echo echo $prg
    • requires:
      • 317: if($funkcio == "modosit" && !empty($aktualis))
      • 414: if($jog == 2)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $alp is not initialized and http://php.net/register_globals is enabled
  • 418: echo echo $alp
    • requires:
      • 317: if($funkcio == "modosit" && !empty($aktualis))
      • 414: if($jog == 2)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 424: echo echo $prg
    • requires:
      • 317: if($funkcio == "modosit" && !empty($aktualis))
      • 421: if($jog == 2) else 
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $alp is not initialized and http://php.net/register_globals is enabled
  • 424: echo echo $alp
    • requires:
      • 317: if($funkcio == "modosit" && !empty($aktualis))
      • 421: if($jog == 2) else 
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 533: echo echo $prg
    • requires:
      • 439: if($funkcio == "felvitel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $alp is not initialized and http://php.net/register_globals is enabled
  • 533: echo echo $alp
    • requires:
      • 439: if($funkcio == "felvitel")

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/istallo.php

SQL Injection

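User input reaches a sensitive sink. $cond_telepek is appended to the WHERE clause as a raw SQL fragment on line 69. The scanner found no assignment for it, so first check whether an include it did not resolve builds this condition server-side. If the value can come from the request, escaping cannot make it safe; the condition has to be constructed in code from validated ids.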
  • 0: $cond_telepek is not initialized and http://php.net/register_globals is enabled
  • 69: select $res = $pdo->select ("SELECT *   FROM io_lanc   WHERE lan_telep = 1 $cond_telepek   ORDER BY lan_del, lan_nev")
SQL Injection

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $cond_telepek is not initialized and http://php.net/register_globals is enabled
  • 405: select $res = $pdo->select ("SELECT *     FROM io_lanc     WHERE lan_telep = 1       AND lan_del = 0 $cond_telepek     ORDER BY lan_nev")
    • requires:
      • 386: if($funkcio == "")
SQL Injection

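User input reaches a sensitive sink. For more information, press the help icon on the left side.
Triage note: $cond is initialized at line 466, so the untrusted part is $filter_lan_az, which line 468 concatenates between single quotes. Pass it as a bound parameter if the $pdo wrapper's select() accepts parameters (not shown in this report), or validate it against the expected identifier format before concatenating. $cond_telepek is interpolated into the same statement at line 473 and needs its own fix.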
  • 466: $cond = ""
  • 0: $filter_lan_az is not initialized and http://php.net/register_globals is enabled
  • 468: $cond .= " AND ist_lan_az='" . $filter_lan_az . "' " // if($filter_lan_az),
  • 473: $sql = "SELECT *     FROM io_istallo    LEFT JOIN io_lanc ON ist_lan_az=lan_az AND lan_telep=1     WHERE ist_del = 0 $cond $cond_telepek     ORDER BY ist_nev ASC"
  • 478: select $eredmeny = $pdo->select ($sql)
    • requires:
      • 386: if($funkcio == "")
Cross-Site Scripting

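User input reaches a sensitive sink. For more information, press the help icon on the left side.
Triage note: $arr_ist_tart_tech is iterated as a key/title option list. Presumably it is defined in an include or configuration file the scanner did not resolve; confirm where it is assigned. If it is always set server-side before this point, the finding is not attacker-reachable. Escaping $k and $v['title'] with htmlspecialchars() at line 620 removes the dependency either way. The same reasoning applies to the other $arr_ist_* findings in this file (sinks at lines 631–675 and 824–880).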
  • 0: $arr_ist_tart_tech is not initialized and http://php.net/register_globals is enabled
  • 618: foreach($arr_ist_tart_tech as $k=>$v)
  • 619: $sel = " selected=\"selected\"" : ""
  • 620: print print "<option value=\"$k\"" . $sel . ">" . $v['title'] . "</option>"
    • requires:
      • 529: if($funkcio == "modosit" && !empty($aktualis))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $arr_ist_padozat is not initialized and http://php.net/register_globals is enabled
  • 629: foreach($arr_ist_padozat as $k=>$v)
  • 630: $sel = " selected=\"selected\"" : ""
  • 631: print print "<option value=\"$k\"" . $sel . ">" . $v['title'] . "</option>"
    • requires:
      • 529: if($funkcio == "modosit" && !empty($aktualis))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $arr_ist_szellozes is not initialized and http://php.net/register_globals is enabled
  • 640: foreach($arr_ist_szellozes as $k=>$v)
  • 641: $sel = " selected=\"selected\"" : ""
  • 642: print print "<option value=\"$k\"" . $sel . ">" . $v['title'] . "</option>"
    • requires:
      • 529: if($funkcio == "modosit" && !empty($aktualis))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $arr_ist_etetesmodja is not initialized and http://php.net/register_globals is enabled
  • 651: foreach($arr_ist_etetesmodja as $k=>$v)
  • 652: $sel = " selected=\"selected\"" : ""
  • 653: print print "<option value=\"$k\"" . $sel . ">" . $v['title'] . "</option>"
    • requires:
      • 529: if($funkcio == "modosit" && !empty($aktualis))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $arr_ist_feny is not initialized and http://php.net/register_globals is enabled
  • 662: foreach($arr_ist_feny as $k=>$v)
  • 663: $sel = " selected=\"selected\"" : ""
  • 664: print print "<option value=\"$k\"" . $sel . ">" . $v['title'] . "</option>"
    • requires:
      • 529: if($funkcio == "modosit" && !empty($aktualis))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $arr_ist_funkcio is not initialized and http://php.net/register_globals is enabled
  • 673: foreach($arr_ist_funkcio as $k=>$v)
  • 674: $sel = " selected=\"selected\"" : ""
  • 675: print print "<option value=\"$k\"" . $sel . ">" . $v['title'] . "</option>"
    • requires:
      • 529: if($funkcio == "modosit" && !empty($aktualis))
Cross-Site Scripting

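User input reaches a sensitive sink. For more information, press the help icon on the left side.
Triage note: the trace names only $prg, but $alp is interpolated into the same string at line 755. Both values land in a URL, inside a JavaScript string, inside an HTML attribute. HTML-escaping alone is not enough here, because the browser decodes the attribute before running it as script. Apply rawurlencode() to each value before it is placed in the query string (this also encodes quotes), then HTML-escape the attribute as a whole.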
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 755: print print "<button type=\"button\" class=\"btn_back_2_img\" title=\"" . __MEGSE . "\" onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></button>"
    • requires:
      • 529: if($funkcio == "modosit" && !empty($aktualis))
      • 751: if($jog == 2)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 760: print print "<button type=\"button\" class=\"btn_back_2_img\" title=\"" . __VISSZA . "\" onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></button>"
    • requires:
      • 529: if($funkcio == "modosit" && !empty($aktualis))
      • 758: if($jog == 2) else 
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $ist_telep_azonosito is not initialized and http://php.net/register_globals is enabled
  • 351: $aktualis = $ist_telep_azonosito // if(isset($mentes)), if(isset($aktualis)) else , if(empty($arr_hiba)), if($checkrow == $values),
  • 768: print print "<input type=\"hidden\" name=\"aktualis\" value=\"$aktualis\">"
    • requires:
      • 529: if($funkcio == "modosit" && !empty($aktualis))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $arr_ist_tart_tech is not initialized and http://php.net/register_globals is enabled
  • 823: foreach($arr_ist_tart_tech as $k=>$v)
  • 824: print print "<option value=\"$k\">" . $v['title'] . "</option>"
    • requires:
      • 774: if($funkcio == "felvitel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $arr_ist_padozat is not initialized and http://php.net/register_globals is enabled
  • 833: foreach($arr_ist_padozat as $k=>$v)
  • 834: $sel = " selected=\"selected\"" : ""
  • 835: print print "<option value=\"$k\"" . $sel . ">" . $v['title'] . "</option>"
    • requires:
      • 774: if($funkcio == "felvitel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $arr_ist_szellozes is not initialized and http://php.net/register_globals is enabled
  • 844: foreach($arr_ist_szellozes as $k=>$v)
  • 845: $sel = " selected=\"selected\"" : ""
  • 846: print print "<option value=\"$k\"" . $sel . ">" . $v['title'] . "</option>"
    • requires:
      • 774: if($funkcio == "felvitel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $arr_ist_etetesmodja is not initialized and http://php.net/register_globals is enabled
  • 855: foreach($arr_ist_etetesmodja as $k=>$v)
  • 856: $sel = " selected=\"selected\"" : ""
  • 857: print print "<option value=\"$k\"" . $sel . ">" . $v['title'] . "</option>"
    • requires:
      • 774: if($funkcio == "felvitel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $arr_ist_feny is not initialized and http://php.net/register_globals is enabled
  • 866: foreach($arr_ist_feny as $k=>$v)
  • 867: $sel = " selected=\"selected\"" : ""
  • 868: print print "<option value=\"$k\"" . $sel . ">" . $v['title'] . "</option>"
    • requires:
      • 774: if($funkcio == "felvitel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $arr_ist_funkcio is not initialized and http://php.net/register_globals is enabled
  • 878: foreach($arr_ist_funkcio as $k=>$v)
  • 879: $sel = " selected=\"selected\"" : ""
  • 880: print print "<option value=\"$k\"" . $sel . ">" . $v['title'] . "</option>"
    • requires:
      • 774: if($funkcio == "felvitel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 943: print print "<button type=\"button\" class=\"btn_back_2_img\" title=\"" . __MEGSE . "\" onClick=\"location.href='index.php?prg=" . $prg . "&alp=" . $alp . "'\"></button>"
    • requires:
      • 774: if($funkcio == "felvitel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $ist_telep_azonosito is not initialized and http://php.net/register_globals is enabled
  • 351: $aktualis = $ist_telep_azonosito // if(isset($mentes)), if(isset($aktualis)) else , if(empty($arr_hiba)), if($checkrow == $values),
  • 980: echo echo $aktualis
    • requires:
      • 951: if(!empty($aktualis))

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/genetika.php

Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 518: print print "<button type=\"button\" class=\"btn_back_2_img\" title=\"" . __MEGSE . "\" value=\"" . __MEGSE . "\" data-toggle=\"tooltip\" onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></button>"
    • requires:
      • 433: if($funkcio == "modosit")
      • 514: if($jog == 2)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 523: print print "<button type=\"button\" class=\"btn_back_2_img\" title=\"" . __VISSZA . "\" value=\"" . __VISSZA . "\" data-toggle=\"tooltip\" onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></button>"
    • requires:
      • 433: if($funkcio == "modosit")
      • 521: if($jog == 2) else 
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 672: $j = 0
  • 677: $sel = " selected=\"selected\" " // if($honap == $j),
  • 675: $sel = ""
  • 472: $sel = " selected " // if($sor == $enar_adat),
  • 470: $sel = ""
  • 0: $honapok is not initialized and http://php.net/register_globals is enabled
  • 673: foreach($honapok as $k=>$v)
  • 679: echo echo "<option value='" . $j . "' " . $sel . ">" . $v . "</option>"
    • requires:
      • 433: if($funkcio == "modosit")
      • 530: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
      • 614: if(!empty($ref_query))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 686: $j = 0
  • 691: $sel = " selected=\"selected\" " // if($honap == $j),
  • 689: $sel = ""
  • 677: $sel = " selected=\"selected\" " // if($honap == $j),
  • 675: $sel = ""
  • 472: $sel = " selected " // if($sor == $enar_adat),
  • 470: $sel = ""
  • 0: $honapok is not initialized and http://php.net/register_globals is enabled
  • 687: foreach($honapok as $k=>$v)
  • 693: echo echo "<option value='" . $j . "' " . $sel . ">" . $v . "</option>"
    • requires:
      • 433: if($funkcio == "modosit")
      • 530: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
      • 614: if(!empty($ref_query))
Cross-Site Scripting

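User input reaches a sensitive sink. For more information, press the help icon on the left side.
Triage note: line 702 assigns $i in the for-loop initializer (the statement is printed here without its semicolons and with the start value shown as "*"). A value injected before the loop would be overwritten unless the start expression itself is tainted. This finding and the following ones whose only source is $i at line 702 are therefore likely false positives; confirm against line 702 of the source file before closing them.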
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++)
  • 705: print print "<b>" . __REFERENCIAFAJLAG . " " . $i . "</b>"
    • requires:
      • 433: if($funkcio == "modosit")
      • 530: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++)
  • 710: print print "<input type='text' class='bevitel' name='fajlag[" . $i . "]' size=10>"
    • requires:
      • 433: if($funkcio == "modosit")
      • 530: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
      • 708: if(defset ('MOD_TAKARMANY'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++)
  • 713: print print "<input type='text' class='bevitel' name='rahizlalt[" . $i . "]' size=10>"
    • requires:
      • 433: if($funkcio == "modosit")
      • 530: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
      • 708: if(defset ('MOD_TAKARMANY'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++)
  • 716: print print "<input type='text' class='bevitel' name='ntgy[" . $i . "]' size=10>"
    • requires:
      • 433: if($funkcio == "modosit")
      • 530: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
      • 708: if(defset ('MOD_TAKARMANY'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++)
  • 719: print print "<input type='text' class='bevitel' name='indulosuly[" . $i . "]' size=10>"
    • requires:
      • 433: if($funkcio == "modosit")
      • 530: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
      • 708: if(defset ('MOD_TAKARMANY'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++)
  • 722: print print "<input type='text' class='bevitel' name='husminoseg[" . $i . "]' size=10>"
    • requires:
      • 433: if($funkcio == "modosit")
      • 530: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
      • 708: if(defset ('MOD_TAKARMANY'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++)
  • 728: print print "<input type='text' class='bevitel' name='fajlag_tojtomeg[" . $i . "]' size=10>"
    • requires:
      • 433: if($funkcio == "modosit")
      • 530: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
      • 726: if(defset ('MOD_TOJAS'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++)
  • 731: print print "<input type='text' class='bevitel' name='tak_tojasmassza[" . $i . "]' size=10>"
    • requires:
      • 433: if($funkcio == "modosit")
      • 530: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
      • 726: if(defset ('MOD_TOJAS'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++)
  • 734: print print "<input type='text' class='bevitel' name='tojasmassza[" . $i . "]' size=10>"
    • requires:
      • 433: if($funkcio == "modosit")
      • 530: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
      • 726: if(defset ('MOD_TOJAS'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++)
  • 737: print print "<input type='text' class='bevitel' name='tojas_db[" . $i . "]' size=10>"
    • requires:
      • 433: if($funkcio == "modosit")
      • 530: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
      • 726: if(defset ('MOD_TOJAS'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++)
  • 740: print print "<input type='text' class='bevitel' name='tojasmassza_db[" . $i . "]' size=10>"
    • requires:
      • 433: if($funkcio == "modosit")
      • 530: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
      • 726: if(defset ('MOD_TOJAS'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++)
  • 745: print print "<input type='text' class='bevitel' name='hulla_hatarertek[" . $i . "]' size=10>"
    • requires:
      • 433: if($funkcio == "modosit")
      • 530: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++)
  • 748: print print "<input type='text' class='bevitel' name='hulla_tolerancia[" . $i . "]' size=10>"
    • requires:
      • 433: if($funkcio == "modosit")
      • 530: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++)
  • 751: print print "<select name='honaptol[" . $i . "]' class='legordulo'>"
    • requires:
      • 433: if($funkcio == "modosit")
      • 530: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 752: $j = 0
  • 755: $sel = ""
  • 0: $honapok is not initialized and http://php.net/register_globals is enabled
  • 753: foreach($honapok as $k=>$v)
  • 759: echo echo "<option value='" . $j . "' " . $sel . ">" . $v . "</option>"
    • requires:
      • 433: if($funkcio == "modosit")
      • 530: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++)
  • 764: print print "<select name='honapig[" . $i . "]' class='legordulo'>"
    • requires:
      • 433: if($funkcio == "modosit")
      • 530: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 765: $j = 0
  • 768: $sel = ""
  • 0: $honapok is not initialized and http://php.net/register_globals is enabled
  • 766: foreach($honapok as $k=>$v)
  • 772: echo echo "<option value='" . $j . "' " . $sel . ">" . $v . "</option>"
    • requires:
      • 433: if($funkcio == "modosit")
      • 530: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 783: print print "<button type=\"button\" class=\"btn_back_2_img\" title=\"" . __MEGSE . "\" value=\"" . __MEGSE . "\" data-toggle=\"tooltip\" onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></button>"
    • requires:
      • 433: if($funkcio == "modosit")
      • 530: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
      • 779: if($jog == 2)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 788: print print "<button type=\"button\" class=\"btn_back_2_img\" title=\"" . __VISSZA . "\" value=\"" . __VISSZA . "\" data-toggle=\"tooltip\" onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></button>"
    • requires:
      • 433: if($funkcio == "modosit")
      • 530: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
      • 786: if($jog == 2) else 
Cross-Site Scripting

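User input reaches a sensitive sink. For more information, press the help icon on the left side.
Triage note: line 810 writes $gen_nev into a double-quoted value attribute under if(isset($gen_nev)), which looks like re-populating the form after a submit; confirm the origin of the value. Escape it with htmlspecialchars() using ENT_QUOTES at the sink. The next finding ($gen_megjegyzes at line 835) has the same shape.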
  • 0: $gen_nev is not initialized and http://php.net/register_globals is enabled
  • 810: print print " value=\"$gen_nev\""
    • requires:
      • 802: if($funkcio == "felvitel")
      • 809: if(isset($gen_nev))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $gen_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 835: print print $gen_megjegyzes
    • requires:
      • 802: if($funkcio == "felvitel")
      • 834: if(isset($gen_megjegyzes))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 854: print print "<button type=\"button\" class=\"btn_back_2_img\" title=\"" . __MEGSE . "\" value=\"" . __MEGSE . "\" onClick=\"location.href='index.php?prg=" . $prg . "&alp=" . $alp . "'\"></button>"
    • requires:
      • 802: if($funkcio == "felvitel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++) // if($funkcio == "modosit"), if(defset('MOD_TAKARMANY', FALSE) === TRUE || defset('MOD_TOJAS', FALSE) === TRUE),
  • 937: for($i = *$i <= 4$i++)
  • 940: print print "<b>" . __REFERENCIAFAJLAG . " " . $i . "</b>"
    • requires:
      • 802: if($funkcio == "felvitel")
      • 858: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
Cross-Site Scripting

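User input reaches a sensitive sink. For more information, press the help icon on the left side.
Triage note: the trace lists $i as the source, but the value written into the attribute at line 946 is $fajlag[$i]. Lines 75 and 208 reassign $fajlag under if(isset($mentes)) (the printed expression is truncated), which suggests it holds submitted form data; confirm in the source. Escape $value with htmlspecialchars() using ENT_QUOTES at the sink. The following findings, with sinks at lines 950–995, write other per-index arrays into value attributes in the same way.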
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++) // if($funkcio == "modosit"), if(defset('MOD_TAKARMANY', FALSE) === TRUE || defset('MOD_TOJAS', FALSE) === TRUE),
  • 937: for($i = *$i <= 4$i++)
  • 75: $fajlag = !$fajlag : [] // if(isset($mentes)), if(isset($aktualis)), if(defset('MOD_TAKARMANY', FALSE) === TRUE),
  • 208: $fajlag = !$fajlag : [] // if(isset($mentes)), if(isset($aktualis)) else , if(defset('MOD_TAKARMANY', FALSE) === TRUE),
  • 945: $value = $fajlag[$i] : ''
  • 946: print print "<input type='text' class='bevitel' name='fajlag[" . $i . "]' size=10 value=\"" . $value . "\">"
    • requires:
      • 802: if($funkcio == "felvitel")
      • 858: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
      • 943: if(defset ('MOD_TAKARMANY'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++) // if($funkcio == "modosit"), if(defset('MOD_TAKARMANY', FALSE) === TRUE || defset('MOD_TOJAS', FALSE) === TRUE),
  • 937: for($i = *$i <= 4$i++)
  • 949: $value = $rahizlalt[$i] : ''
  • 950: print print "<input type='text' class='bevitel' name='rahizlalt[" . $i . "]' size=10 value=\"" . $value . "\">"
    • requires:
      • 802: if($funkcio == "felvitel")
      • 858: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
      • 943: if(defset ('MOD_TAKARMANY'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++) // if($funkcio == "modosit"), if(defset('MOD_TAKARMANY', FALSE) === TRUE || defset('MOD_TOJAS', FALSE) === TRUE),
  • 937: for($i = *$i <= 4$i++)
  • 953: $value = $ntgy[$i] : ''
  • 954: print print "<input type='text' class='bevitel' name='ntgy[" . $i . "]' size=10 value=\"" . $value . "\">"
    • requires:
      • 802: if($funkcio == "felvitel")
      • 858: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
      • 943: if(defset ('MOD_TAKARMANY'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++) // if($funkcio == "modosit"), if(defset('MOD_TAKARMANY', FALSE) === TRUE || defset('MOD_TOJAS', FALSE) === TRUE),
  • 937: for($i = *$i <= 4$i++)
  • 957: $value = $indulosuly[$i] : ''
  • 958: print print "<input type='text' class='bevitel' name='indulosuly[" . $i . "]' size=10 value=\"" . $value . "\">"
    • requires:
      • 802: if($funkcio == "felvitel")
      • 858: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
      • 943: if(defset ('MOD_TAKARMANY'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++) // if($funkcio == "modosit"), if(defset('MOD_TAKARMANY', FALSE) === TRUE || defset('MOD_TOJAS', FALSE) === TRUE),
  • 937: for($i = *$i <= 4$i++)
  • 961: $value = $husminoseg[$i] : ''
  • 962: print print "<input type='text' class='bevitel' name='husminoseg[" . $i . "]' size=10 value=\"" . $value . "\">"
    • requires:
      • 802: if($funkcio == "felvitel")
      • 858: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
      • 943: if(defset ('MOD_TAKARMANY'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++) // if($funkcio == "modosit"), if(defset('MOD_TAKARMANY', FALSE) === TRUE || defset('MOD_TOJAS', FALSE) === TRUE),
  • 937: for($i = *$i <= 4$i++)
  • 968: $value = $fajlag_tojtomeg[$i] : ''
  • 969: print print "<input type='text' class='bevitel' name='fajlag_tojtomeg[" . $i . "]' size=10 value=\"" . $value . "\">"
    • requires:
      • 802: if($funkcio == "felvitel")
      • 858: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
      • 966: if(defset ('MOD_TOJAS'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++) // if($funkcio == "modosit"), if(defset('MOD_TAKARMANY', FALSE) === TRUE || defset('MOD_TOJAS', FALSE) === TRUE),
  • 937: for($i = *$i <= 4$i++)
  • 972: $value = $tak_tojasmassza[$i] : ''
  • 973: print print "<input type='text' class='bevitel' name='tak_tojasmassza[" . $i . "]' size=10 value=\"" . $value . "\">"
    • requires:
      • 802: if($funkcio == "felvitel")
      • 858: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
      • 966: if(defset ('MOD_TOJAS'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++) // if($funkcio == "modosit"), if(defset('MOD_TAKARMANY', FALSE) === TRUE || defset('MOD_TOJAS', FALSE) === TRUE),
  • 937: for($i = *$i <= 4$i++)
  • 976: $value = $tojasmassza[$i] : ''
  • 977: print print "<input type='text' class='bevitel' name='tojasmassza[" . $i . "]' size=10 value=\"" . $value . "\">"
    • requires:
      • 802: if($funkcio == "felvitel")
      • 858: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
      • 966: if(defset ('MOD_TOJAS'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++) // if($funkcio == "modosit"), if(defset('MOD_TAKARMANY', FALSE) === TRUE || defset('MOD_TOJAS', FALSE) === TRUE),
  • 937: for($i = *$i <= 4$i++)
  • 980: $value = $tojas_db[$i] : ''
  • 981: print print "<input type='text' class='bevitel' name='tojas_db[" . $i . "]' size=10 value=\"" . $value . "\">"
    • requires:
      • 802: if($funkcio == "felvitel")
      • 858: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
      • 966: if(defset ('MOD_TOJAS'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++) // if($funkcio == "modosit"), if(defset('MOD_TAKARMANY', FALSE) === TRUE || defset('MOD_TOJAS', FALSE) === TRUE),
  • 937: for($i = *$i <= 4$i++)
  • 984: $value = $tojasmassza_db[$i] : ''
  • 985: print print "<input type='text' class='bevitel' name='tojasmassza_db[" . $i . "]' size=10 value=\"" . $value . "\">"
    • requires:
      • 802: if($funkcio == "felvitel")
      • 858: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
      • 966: if(defset ('MOD_TOJAS'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++) // if($funkcio == "modosit"), if(defset('MOD_TAKARMANY', FALSE) === TRUE || defset('MOD_TOJAS', FALSE) === TRUE),
  • 937: for($i = *$i <= 4$i++)
  • 990: $value = $hulla_hatarertek[$i] : ''
  • 991: print print "<input type='text' class='bevitel' name='hulla_hatarertek[" . $i . "]' size=10 value=\"" . $value . "\">"
    • requires:
      • 802: if($funkcio == "felvitel")
      • 858: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++) // if($funkcio == "modosit"), if(defset('MOD_TAKARMANY', FALSE) === TRUE || defset('MOD_TOJAS', FALSE) === TRUE),
  • 937: for($i = *$i <= 4$i++)
  • 994: $value = $hulla_tolerancia[$i] : ''
  • 995: print print "<input type='text' class='bevitel' name='hulla_tolerancia[" . $i . "]' size=10 value=\"" . $value . "\">"
    • requires:
      • 802: if($funkcio == "felvitel")
      • 858: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++) // if($funkcio == "modosit"), if(defset('MOD_TAKARMANY', FALSE) === TRUE || defset('MOD_TOJAS', FALSE) === TRUE),
  • 937: for($i = *$i <= 4$i++)
  • 999: print print "<select name='honaptol[" . $i . "]' class='legordulo'>"
    • requires:
      • 802: if($funkcio == "felvitel")
      • 858: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 1000: $j = 0
  • 1005: $sel = " selected " // if($value == $j),
  • 1003: $sel = ""
  • 768: $sel = "" // if($funkcio == "modosit"), if(defset('MOD_TAKARMANY', FALSE) === TRUE || defset('MOD_TOJAS', FALSE) === TRUE),
  • 755: $sel = "" // if($funkcio == "modosit"), if(defset('MOD_TAKARMANY', FALSE) === TRUE || defset('MOD_TOJAS', FALSE) === TRUE),
  • 691: $sel = " selected=\"selected\" " // if($funkcio == "modosit"), if(defset('MOD_TAKARMANY', FALSE) === TRUE || defset('MOD_TOJAS', FALSE) === TRUE), if(!empty($ref_query)), if($honap == $j),
  • 689: $sel = "" // if($funkcio == "modosit"), if(defset('MOD_TAKARMANY', FALSE) === TRUE || defset('MOD_TOJAS', FALSE) === TRUE), if(!empty($ref_query)),
  • 677: $sel = " selected=\"selected\" " // if($funkcio == "modosit"), if(defset('MOD_TAKARMANY', FALSE) === TRUE || defset('MOD_TOJAS', FALSE) === TRUE), if(!empty($ref_query)), if($honap == $j),
  • 675: $sel = "" // if($funkcio == "modosit"), if(defset('MOD_TAKARMANY', FALSE) === TRUE || defset('MOD_TOJAS', FALSE) === TRUE), if(!empty($ref_query)),
  • 472: $sel = " selected " // if($funkcio == "modosit"), if($sor == $enar_adat),
  • 470: $sel = "" // if($funkcio == "modosit"),
  • 0: $honapok is not initialized and http://php.net/register_globals is enabled
  • 1001: foreach($honapok as $k=>$v)
  • 1007: echo echo "<option value='" . $j . "' " . $sel . ">" . $v . "</option>"
    • requires:
      • 802: if($funkcio == "felvitel")
      • 858: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 702: for($i = *$i <= 4$i++) // if($funkcio == "modosit"), if(defset('MOD_TAKARMANY', FALSE) === TRUE || defset('MOD_TOJAS', FALSE) === TRUE),
  • 937: for($i = *$i <= 4$i++)
  • 1013: print print "<select name='honapig[" . $i . "]' class='legordulo'>"
    • requires:
      • 802: if($funkcio == "felvitel")
      • 858: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 1014: $j = 0
  • 1019: $sel = " selected " // if($value == $j),
  • 1017: $sel = ""
  • 1005: $sel = " selected " // if($value == $j),
  • 1003: $sel = ""
  • 768: $sel = "" // if($funkcio == "modosit"), if(defset('MOD_TAKARMANY', FALSE) === TRUE || defset('MOD_TOJAS', FALSE) === TRUE),
  • 755: $sel = "" // if($funkcio == "modosit"), if(defset('MOD_TAKARMANY', FALSE) === TRUE || defset('MOD_TOJAS', FALSE) === TRUE),
  • 691: $sel = " selected=\"selected\" " // if($funkcio == "modosit"), if(defset('MOD_TAKARMANY', FALSE) === TRUE || defset('MOD_TOJAS', FALSE) === TRUE), if(!empty($ref_query)), if($honap == $j),
  • 689: $sel = "" // if($funkcio == "modosit"), if(defset('MOD_TAKARMANY', FALSE) === TRUE || defset('MOD_TOJAS', FALSE) === TRUE), if(!empty($ref_query)),
  • 677: $sel = " selected=\"selected\" " // if($funkcio == "modosit"), if(defset('MOD_TAKARMANY', FALSE) === TRUE || defset('MOD_TOJAS', FALSE) === TRUE), if(!empty($ref_query)), if($honap == $j),
  • 675: $sel = "" // if($funkcio == "modosit"), if(defset('MOD_TAKARMANY', FALSE) === TRUE || defset('MOD_TOJAS', FALSE) === TRUE), if(!empty($ref_query)),
  • 472: $sel = " selected " // if($funkcio == "modosit"), if($sor == $enar_adat),
  • 470: $sel = "" // if($funkcio == "modosit"),
  • 0: $honapok is not initialized and http://php.net/register_globals is enabled
  • 1015: foreach($honapok as $k=>$v)
  • 1021: echo echo "<option value='" . $j . "' " . $sel . ">" . $v . "</option>"
    • requires:
      • 802: if($funkcio == "felvitel")
      • 858: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)
Cross-Site Scripting

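User input reaches a sensitive sink. Triage note: `$prg` (and `$alp`, which the trace does not follow) ends up in a URL query string, inside a JavaScript string literal, inside an HTML attribute. HTML-escaping alone is not enough for that nesting: the value should be URL-encoded (for example with rawurlencode()) and the finished attribute HTML-escaped, or, if `prg` only ever names a module, checked against an allow-list before use.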
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 1031: print print "<button type=\"button\" class=\"btn_back_2_img\" title=\"" . __MEGSE . "\" value=\"" . __MEGSE . "\" data-toggle=\"tooltip\" onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></button>"
    • requires:
      • 802: if($funkcio == "felvitel")
      • 858: if(defset ('MOD_TAKARMANY'FALSE) === TRUE || defset ('MOD_TOJAS'FALSE) === TRUE)

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/feladatok.php

SQL Injection

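User input reaches a sensitive sink. Triage note: the query binds `:f2l_tfe_az` as a parameter but interpolates `$cond_telepek` directly into the SQL text, so the injection risk depends entirely on how `$cond_telepek` is built, which this trace does not show. The guard on line 83, `if(1 || $isSuperAdmin)`, is always true and therefore does not restrict who reaches this query.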
  • 0: $cond_telepek is not initialized and http://php.net/register_globals is enabled
  • 87: select $res = $pdo->select ("SELECT *          FROM io_feladat2lanc          LEFT JOIN io_lanc ON lan_az = f2l_lan_az          WHERE f2l_tfe_az = :f2l_tfe_az $cond_telepek"[':f2l_tfe_az'=>$aktualis])
    • requires:
      • 36: if(isset($mentes))
      • 37: if(!empty($aktualis))
      • 83: if(1 || $isSuperAdmin)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 275: print print "<input type=\"button\" class=\"gomb btn_back_2_img\" value=\"" . __MEGSE . "\" title=\"" . __MEGSE . "\" onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></td></tr>"
    • requires:
      • 241: if($funkcio == "modosit")
      • 271: if($jog == 2)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 279: print print "<input type=\"button\" class=\"gomb btn_back_2_img\" value=\"" . __VISSZA . "\" title=\"" . __VISSZA . "\"onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></td></tr>"
    • requires:
      • 241: if($funkcio == "modosit")
      • 277: if($jog == 2) else 
SQL Injection

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $lanc_tabla is not initialized and http://php.net/register_globals is enabled
  • 293: select $eredmeny = $pdo->select ("SELECT lan_az, lan_nev, f2l_lan_az, f2l_tfe_az      FROM $lanc_tabla      LEFT JOIN io_feladat2lanc ON f2l_lan_az = lan_az        AND f2l_tfe_az = :f2l_tfe_az      WHERE lan_del = 0 AND lan_telep = 1 $cond_telepek     ORDER BY IF(f2l_lan_az > 0, 1, 0) DESC, lan_nev"[':f2l_tfe_az'=>$aktualis])
    • requires:
      • 241: if($funkcio == "modosit")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 313: print print "<input type=\"button\" class=\"gomb btn_back_2_img\" value=\"" . __MEGSE . "\" title=\"" . __MEGSE . "\" onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></td></tr>"
    • requires:
      • 241: if($funkcio == "modosit")
      • 310: if($jog == 2)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 317: print print "<input type=\"button\" class=\"gomb btn_back_2_img\" value=\"" . __VISSZA . "\" title=\"" . __VISSZA . "\" onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></td></tr>"
    • requires:
      • 241: if($funkcio == "modosit")
      • 315: if($jog == 2) else 
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 357: print print "<input type=\"button\" class=\"gomb btn_back_2_img\" value=\"" . __MEGSE . "\" title=\"" . __MEGSE . "\" onClick=\"location.href='index.php?prg=" . $prg . "&alp=" . $alp . "'\"></td></tr>"
    • requires:
      • 325: if($funkcio == "felvitel")

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/hypor_heritable_defects.php

Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 45: $entity_id = !$_REQUEST['entity_id'] : NULL // if($action == 'delete'),
  • 49: $entity = Animal::getentity ('hypor_orokolheto_hibak'$entity_id) // if($action == 'delete'), if($entity_id),
  • 55: $action = 'list' // if($action == 'delete'),
  • 33: $action = 'edit' // if($action == 'new' || $action == 'edit'), if(isset($_REQUEST)), if($valid === TRUE),
  • 12: $_REQUEST['action'] = 'list' // if(!isset($_REQUEST)),
  • 16: $action = !$_REQUEST['action'] : 'list'
  • 62: print print geteditform ($entity$action)
    • requires:
      • 58: switch($action)
      • 60:  case 'edit' : 

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/termek.php

SQL Injection

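User input reaches a sensitive sink. Triage note: the scanner's rendering of line 485 shows both an inline `'$aktualis` and a bound `:t2l_ter_az` parameter for the same value, and the quoted string is visibly cut short, so the tool may have distorted the statement when printing it. Read the original line 485 to see whether the placeholder or the interpolated variable is actually used before rating this finding; `$cond_telepek` is interpolated in either case.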
  • 0: $aktualis is not initialized and http://php.net/register_globals is enabled
  • 485: select $res = $pdo->select ("SELECT *            FROM io_termek2lanc           LEFT JOIN io_lanc ON lan_az = t2l_lan_az           WHERE t2l_ter_az = '$aktualis$cond_telepek"[':t2l_ter_az'=>$aktualis])
    • requires:
      • 119: if(isset($mentes))
      • 137: if(!empty($aktualis))
      • 212: if(empty($arr_hiba))
      • 481: if(1 || $isSuperAdmin)
SQL Injection

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $aktualis is not initialized and http://php.net/register_globals is enabled
  • 551: select $res = $pdo->select ("SELECT *            FROM io_ter2csop            WHERE t2c_ter_az = '$aktualis"[':t2c_ter_az'=>$aktualis])
    • requires:
      • 119: if(isset($mentes))
      • 137: if(!empty($aktualis))
      • 212: if(empty($arr_hiba))
      • 532: if(1 || $isSuperAdmin)
SQL Injection

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 703: $_id = $event_entity->getid ()
  • 726: $aktualis = $_id
  • 0: $cond_telepek is not initialized and http://php.net/register_globals is enabled
  • 738: select $res = $pdo->select ("SELECT *            FROM io_termek2lanc           LEFT JOIN io_lanc ON lan_az = t2l_lan_az           WHERE t2l_ter_az = '$aktualis$cond_telepek"[':t2l_ter_az'=>$aktualis])
    • requires:
      • 119: if(isset($mentes))
      • 608: if(!empty($aktualis)) else 
      • 619: if(empty($arr_hiba))
      • 734: if(1 || $isSuperAdmin)
SQL Injection

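User input reaches a sensitive sink. Triage note: the headline variable `$cond_telepek` is the least documented part of this trace. The better-supported path is `$alap_feltetel`: lines 37, 44 and 61 concatenate `$filter_tka_az`, `$filter_text` and `$ter_aktiv_e` into quoted SQL literals, and line 899 concatenates `$filter_termekcsoport` unquoted. These filters are read from the session, which, judging by the `isset($_REQUEST)` branches, mirrors request parameters. Binding them as query parameters (and casting the numeric ones to int) removes the path; the `LIKE` filter needs its value bound as well, not only quoted.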
  • 0: $cond_telepek is not initialized and http://php.net/register_globals is enabled
  • 34: $alap_feltetel = ""
  • 13: $_SESSION['kter_filter_tka_az'] = 0 // if(!isset($_SESSION)),
  • 17: $filter_tka_az = $_SESSION['kter_filter_tka_az'] // if(!isset($_REQUEST)),
  • 37: $alap_feltetel .= " AND ter_tka_az='" . $filter_tka_az . "'" // if($filter_tka_az),
  • 41: $_arr_filter_fields = ['ter_cikkszam''ter_nev''gy.gyt_nev''fo.gyt_nev'] // if(strlen($filter_text)),
  • 43: foreach($_arr_filter_fields as $v) // if(strlen($filter_text)),
  • 24: $_SESSION['kter_filter_text'] = "" // if(!isset($_SESSION)),
  • 28: $filter_text = $_SESSION['kter_filter_text'] // if(!isset($_REQUEST)),
  • 44: $a[] = " ($v LIKE '%" . $filter_text . "%') " // if(strlen($filter_text)),
  • 46: $alap_feltetel .= " AND ( " . implode(" OR "$a) . " )" // if(strlen($filter_text)),
  • 50: $_SESSION['kter_aktiv_e'] = 1 // if(!isset($_SESSION)),
  • 54: $ter_aktiv_e = $_SESSION['kter_aktiv_e'] // if(!isset($ter_aktiv_e)),
  • 61: $alap_feltetel .= " AND ter_aktiv='" . $ter_aktiv_e . "'" // if($ter_aktiv_e != 2 && $ter_aktiv_e != 9),
  • 899: $alap_feltetel .= ' AND (SELECT COUNT(t2c_ter_az) FROM io_ter2csop WHERE t2c_ter_az = ter.ter_az AND t2c_tcs_az = ' . $filter_termekcsoport . ') > 0 ' // if(!empty($filter_termekcsoport)),
  • 904: $alap_feltetel .= ' AND EXISTS (SELECT 1 FROM io_flex_item2ter WHERE fc2t_ter_az = ter_az)' // if(!empty($filter_flex_cikkszam)), if($filter_flex_cikkszam == 2),
  • 907: $alap_feltetel .= ' AND NOT EXISTS (SELECT 1 FROM io_flex_item2ter WHERE fc2t_ter_az = ter_az)' // if(!empty($filter_flex_cikkszam)), if($filter_flex_cikkszam == 2) else ,
  • 911: $query = "SELECT ter.*,       io_termekkategoria.*,       gen_nev,       COUNT(DISTINCT t2l_lan_az) as cnt_t2l_lan,       COUNT(DISTINCT lan_az) as cnt_lan,       fo.gyt_nev as fo_nev,       gy.gyt_nev as gy_nev,       ertek as translated_tka_name     FROM io_termek ter  LEFT JOIN io_termekkategoria ON ter.ter_tka_az = tka_az AND tka_del = 0   LEFT JOIN io_gyarto gy ON ter.ter_gyt_az = gy.gyt_az AND gy.gyt_del = 0   LEFT JOIN io_gyarto fo ON ter.ter_forgalmazo_gyt_az = fo.gyt_az AND fo.gyt_del = 0   LEFT JOIN io_genetika ON ter.ter_gen_az = gen_az AND gen_del = 0   LEFT JOIN io_termek2lanc ON t2l_ter_az = ter.ter_az   LEFT JOIN io_lanc ON t2l_lan_az = lan_az AND lan_telep=1 AND lan_is_kereskedelem=0 $cond_telepek      LEFT JOIN io_language_values ON nyelv = '" . SITE_LANGUAGE . "' AND  nev = CONCAT('__TKA_NAME_', tka_az)    WHERE tka_csop_name NOT IN ('gyogyszer','tenyesz')       AND tka_is_kereskedelem = 0  $alap_feltetel       " . (" AND ter.ter_del=0 " : " AND ter.ter_del=1 ") . "      GROUP BY ter.ter_az     HAVING cnt_t2l_lan = 0 OR cnt_lan > 0     ORDER BY ter.ter_aktiv DESC"
  • 934: select $eredmeny = $pdo->select ($query)
    • requires:
      • 895: if($funkcio == "")
Cross-Site Scripting

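User input reaches a sensitive sink. Triage note: this finding, like every "is not initialized and register_globals is enabled" entry in this report, assumes a PHP setting that was removed in PHP 5.4. Line 1029 uses the `??` operator, which requires PHP 7 or later, so the premise can only hold if the application itself copies request parameters into variables (for example via extract() or a similar bootstrap step). Confirm how `$filter_flex_cikkszam` is populated before treating this as reachable. Whether the selected value is escaped depends on the form helper's `select()`, which is outside this trace.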
  • 0: $filter_flex_cikkszam is not initialized and http://php.net/register_globals is enabled
  • 1029: echo echo $form->select ('filter_flex_cikkszam'[0=>'-- ' . __OSSZES . ' --'2=>__IGEN1=>__NEM]$filter_flex_cikkszam??0['title'=>__VAN_FLEX_CIKKSZAM'title_display'=>'before''class'=>'legordulo''prefix'=>'<div style="float:left;padding: 0 2px 0 2px;">''suffix'=>'</div>'])
    • requires:
      • 895: if($funkcio == "")
      • 1028: if($api_kotelezo_azonositok)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 1181: print print "<button type=\"button\" class=\"btn_back_2_img\" title=\"" . __MEGSE . "\" onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></button>"
    • requires:
      • 1142: if($funkcio == "felvitel" && empty($_REQUEST['tka_az']))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $arr_tny_tprofil is not initialized and http://php.net/register_globals is enabled
  • 1563: foreach($arr_tny_tprofil as $k=>$v)
  • 1564: print print "<option value=\"" . $k . "\"" . (" selected=\"selected\"" : "") . ">" . $v['title'] . "</option>"
    • requires:
      • 1190: if($funkcio == "modosit")
      • 1528: if($sor['ter_tka_az'] == 6)
      • 1557: if(defset ('MOD_TENYESZTES'FALSE) === TRUE)
Cross-Site Scripting

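User input reaches a sensitive sink. Triage note: this trace does not rely on register_globals. Line 614 reads `$_REQUEST['flex_cikkszam']` and only trims it, and line 1652 writes it into a double-quoted `value` attribute. trim() does not neutralise quotes or angle brackets, so the value should be encoded at output, for example with htmlspecialchars($flex_cikkszam, ENT_QUOTES, 'UTF-8').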
  • 614: $flex_cikkszam = trim($_REQUEST['flex_cikkszam']) // if(isset($mentes)), if(!empty($aktualis)) else ,
  • 1652: print print " value=\"$flex_cikkszam\""
    • requires:
      • 1190: if($funkcio == "modosit")
      • 1646: if(!in_array($sor['ter_tka_az'][10]))
      • 1651: if(isset($flex_cikkszam))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 1670: print print $form->text('hotraco_key'$_REQUEST['hotraco_key']??''64['class'=>'bevitel'])
    • requires:
      • 1190: if($funkcio == "modosit")
      • 1666: if(!empty(get_sys_var ("hotraco")) && in_array($sor['ter_tka_az'][610]))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 1684: print print "<button type=\"button\" class=\"btn_back_2_img\" title=\"" . __MEGSE . "\" data-toggle=\"tooltip\" onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></button>"
    • requires:
      • 1190: if($funkcio == "modosit")
      • 1679: if($jog == 2)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 1691: print print "<button type=\"button\" class=\"btn_back_2_img\" title=\"" . __VISSZA . "\" data-toggle=\"tooltip\" onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></button>"
    • requires:
      • 1190: if($funkcio == "modosit")
      • 1688: if($jog == 2) else 
SQL Injection

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $cond_telepek is not initialized and http://php.net/register_globals is enabled
  • 1896: select $eredmeny = $pdo->select ("SELECT lan_az, lan_nev, t2l_lan_az, t2l_ter_az       FROM io_lanc        LEFT JOIN io_termek2lanc ON t2l_lan_az = lan_az AND t2l_ter_az = :t2l_ter_az        WHERE lan_del = 0 AND lan_telep = 1 $cond_telepek       ORDER BY IF(t2l_lan_az>0,1,0) DESC, lan_nev"[':t2l_ter_az'=>$aktualis])
    • requires:
      • 1190: if($funkcio == "modosit")
      • 1699: if($sor['ter_tka_az'] && defset ('MOD_HIZLALAS'FALSE) != FALSE)
      • 1716: if(1)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 1924: print print "<button type=\"button\" class=\"btn_back_2_img\" title=\"" . __MEGSE . "\" data-toggle=\"tooltip\" onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></button>"
    • requires:
      • 1190: if($funkcio == "modosit")
      • 1699: if($sor['ter_tka_az'] && defset ('MOD_HIZLALAS'FALSE) != FALSE)
      • 1716: if(1)
      • 1919: if($jog == 2)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 1931: print print "<button type=\"button\" class=\"btn_back_2_img\" title=\"" . __VISSZA . "\" data-toggle=\"tooltip\" onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></button>"
    • requires:
      • 1190: if($funkcio == "modosit")
      • 1699: if($sor['ter_tka_az'] && defset ('MOD_HIZLALAS'FALSE) != FALSE)
      • 1716: if(1)
      • 1928: if($jog == 2) else 

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/vevo.php

Cross-Site Scripting

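User input reaches a sensitive sink. Triage note: the sink is a JSON-encoded response, so whether a browser would ever interpret it as HTML depends on the Content-Type header, which this trace does not show. Serving it as application/json (ideally with X-Content-Type-Options: nosniff) is the relevant control. Note also that `$vsz_az` in the output is the return value of the insert on line 43, not the raw request value, and `$vbol_az` is cast to int on line 24.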
  • 40: $f['vsz_az'] = $_REQUEST['vsz_az'] // if(!empty($_REQUEST)),
  • 43: $vsz_az = $pdo->insert ('io_vbol_szerzodes'$f'REPLACE'FALSE)
  • 24: $vbol_az = (int)$_REQUEST['vbol_az']
  • 105: $output = ['vsz_az'=>$vsz_az'vbol_az'=>$vbol_az]
  • 113: echo echo (mi_json_encode ($output))
    • requires:
      • 18: if(isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest')
      • 23: if($_REQUEST['do'] == "szerzodes_ment")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $arr_vsr_kategoria_suly is not initialized and http://php.net/register_globals is enabled
  • 351: foreach($arr_vsr_kategoria_suly as $k=>$v)
  • 352: print print "<option value='" . $k . "' "
    • requires:
      • 18: if(isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest')
      • 160: elseif($_REQUEST['do'] == "szerzodes_valtas")
      • 344: if($vsr_sor_num)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $arr_vsr_kategoria_suly is not initialized and http://php.net/register_globals is enabled
  • 351: foreach($arr_vsr_kategoria_suly as $k=>$v)
  • 356: print print ">" . mb_strtoupper($v['title']) . "</option>"
    • requires:
      • 18: if(isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest')
      • 160: elseif($_REQUEST['do'] == "szerzodes_valtas")
      • 344: if($vsr_sor_num)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $arr_vsr_kategoria_suly is not initialized and http://php.net/register_globals is enabled
  • 389: foreach($arr_vsr_kategoria_suly as $k=>$v)
  • 390: print print "<option value='" . $k . "' "
    • requires:
      • 18: if(isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest')
      • 160: elseif($_REQUEST['do'] == "szerzodes_valtas")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $arr_vsr_kategoria_suly is not initialized and http://php.net/register_globals is enabled
  • 389: foreach($arr_vsr_kategoria_suly as $k=>$v)
  • 394: print print ">" . mb_strtoupper($v['title']) . "</option>"
    • requires:
      • 18: if(isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest')
      • 160: elseif($_REQUEST['do'] == "szerzodes_valtas")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 553: $output = hmi_recalc_2_vsz_az ($_REQUEST['vsz_az'])
  • 555: echo echo (mi_json_encode ($output))
    • requires:
      • 18: if(isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest')
      • 551: elseif($_REQUEST['do'] == "hmi_recalc_2_vsz")
SQL Injection

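User input reaches a sensitive sink. Triage note: this trace is fully visible. Line 868 copies `$_REQUEST['filter_aktiv_e']` into the session, line 871 reads it back, and line 876 concatenates it into a quoted SQL literal. Line 886 of the same block already casts `$filter_bol_vep_az` with `(int)`; applying the same cast here, or binding the value as a parameter alongside `:bol_vev_az`, closes the path.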
  • 874: $cond = ""
  • 868: $_SESSION['pa_filter_aktiv_e'] = $_REQUEST['filter_aktiv_e'] // if(isset($_REQUEST)),
  • 871: $filter_aktiv_e = $_SESSION['pa_filter_aktiv_e'] // if(isset($_REQUEST)) else ,
  • 876: $cond .= " AND bol_del=0 AND bol_aktiv='" . $filter_aktiv_e . "'" // if(!in_array($filter_aktiv_e, [2, 9])),
  • 879: $cond .= " AND bol_del=1 " // elseif(in_array($filter_aktiv_e, [9])),
  • 882: $cond .= " AND bol_del=0 " // elseif(in_array($filter_aktiv_e, [2])),
  • 886: $cond .= " AND bol_vep_az = " . (int)$filter_bol_vep_az . " " // if(!empty($filter_bol_vep_az)),
  • 891: $cond .= " AND bol_kulso_kod != ''" // if(!empty($filter_bol_kulso_kod)), if($filter_bol_kulso_kod == 2),
  • 894: $cond .= " AND bol_kulso_kod = ''" // if(!empty($filter_bol_kulso_kod)), if($filter_bol_kulso_kod == 2) else ,
  • 906: select $eredmeny = $pdo->select ("SELECT *   FROM io_bolt     LEFT JOIN io_vevo_profil ON bol_vep_az = vep_az    WHERE bol_vev_az = :bol_vev_az $cond    ORDER BY bol_az ASC"[':bol_vev_az'=>$sor0['vev_az']])
    • requires:
      • 863: if($funkcio == "bolt")
SQL Injection

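User input reaches a sensitive sink. For more information, press the help icon on the left side. (Blind exploitation) Triage note: `$bolt_tabla` is interpolated as a table name, which cannot be bound as a parameter; if it is ever derived from input it must be checked against a fixed list of table names. `$sor0['vev_az']` on line 930 comes from the database row selected on line 898 rather than directly from the request, but it is still concatenated where the sibling query binds its value, so binding it here too would keep the two queries consistent.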
  • 0: $bolt_tabla is not initialized and http://php.net/register_globals is enabled
  • 10: $lanc = TELEP_UGYFEL_LAN_AZ
  • 898: $sor0 = $pdo->selectfirst("SELECT *   FROM io_vevo     JOIN io_regio ON reg_az = vev_reg_az     JOIN io_lanc ON lan_az = reg_lan_az     WHERE lan_az = :lan_az "[':lan_az'=>$lanc])
  • 930: select $pdo->select ("SELECT COUNT(bol_az) as cnt_rows,       SUM( IF(bol_del=0, 1, 0) ) as n_2,       SUM( IF(bol_del=0 AND bol_aktiv=1, 1, 0) ) as n_1,       SUM( IF(bol_del=0 AND bol_aktiv=0, 1, 0) ) as n_0,       SUM( IF(bol_del=1, 1, 0) ) as n_9       FROM $bolt_tabla       WHERE bol_vev_az='" . $sor0['vev_az'] . "'       GROUP BY bol_vev_az     ")
    • requires:
      • 863: if($funkcio == "bolt")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $filter_bol_kulso_kod is not initialized and http://php.net/register_globals is enabled
  • 961: echo echo $form->select ('filter_bol_kulso_kod'[0=>'-- ' . __OSSZES . ' --'2=>'Igen'1=>'Nem']$filter_bol_kulso_kod??0['title'=>__VAN_KONYVELESI_KOD'title_display'=>'before''class'=>'legordulo''prefix'=>'<div style="float:left; padding: 0 2px 0 0;">''suffix'=>'</div>'])
    • requires:
      • 863: if($funkcio == "bolt")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $nev is not initialized and http://php.net/register_globals is enabled
  • 1076: print print "<tr><td class=\"tabla_cella col_label\"><b>" . __NAME . "</b></td><td class=\"tabla_cella col_field\">   <input type=\"text\" name=\"nev\" class=\"bevitel\" size=\"40\"" . (" value=\"$nev\"" : "") . ">"
    • requires:
      • 1063: if($funkcio == "bolt_fel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $nev_teljes is not initialized and http://php.net/register_globals is enabled
  • 1079: print print "<tr><td class=\"tabla_cella col_label\"><b>" . __FULLNAME . "</b></td><td class=\"tabla_cella col_field\">   <input type=\"text\" name=\"nev_teljes\" class=\"bevitel\" size=\"40\"" . (" value=\"$nev_teljes\"" : "") . ">"
    • requires:
      • 1063: if($funkcio == "bolt_fel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $szallitasi_cim is not initialized and http://php.net/register_globals is enabled
  • 1085: print print " value=\"$szallitasi_cim\""
    • requires:
      • 1063: if($funkcio == "bolt_fel")
      • 1084: if(isset($szallitasi_cim))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $szamlazasi_cim is not initialized and http://php.net/register_globals is enabled
  • 1091: print print " value=\"$szamlazasi_cim\""
    • requires:
      • 1063: if($funkcio == "bolt_fel")
      • 1090: if(isset($szamlazasi_cim))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $telefon is not initialized and http://php.net/register_globals is enabled
  • 19: $jog = jogszint (Animal::currenuserid()"admin""vevo") // if(isset($_SERVER) && $_SERVER === 'XMLHttpRequest'),
  • 1095: print print $form->phonenumber('telefon'$telefonNULL['wrapper'=>'tr''disabled'=>$jog == 1'validator'=>['name'=>'validatePhoneNumber''params'=>['...telefon']]])
    • requires:
      • 1063: if($funkcio == "bolt_fel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $fax is not initialized and http://php.net/register_globals is enabled
  • 19: $jog = jogszint (Animal::currenuserid()"admin""vevo") // if(isset($_SERVER) && $_SERVER === 'XMLHttpRequest'),
  • 1104: print print $form->faxnumber('fax'$faxNULL['wrapper'=>'tr''disabled'=>$jog == 1'validator'=>['name'=>'validateFaxNumber''params'=>['...fax']]])
    • requires:
      • 1063: if($funkcio == "bolt_fel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $email is not initialized and http://php.net/register_globals is enabled
  • 1113: print print "<tr><td class=\"tabla_cella col_label\"><b>" . __EMAIL . "</b></td><td class=\"tabla_cella col_field\">   <textarea name=\"email\" class=\"bevitel ta_memo\"" . (" disabled" : "") . ">" . (!$email : '') . "</textarea></td></tr>"
    • requires:
      • 1063: if($funkcio == "bolt_fel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $email_outstanding_email is not initialized and http://php.net/register_globals is enabled
  • 1116: print print "<tr><td class=\"tabla_cella col_label\"><b>" . __KINTLEVOSEG . " : " . __EMAIL . "</b></td><td class=\"tabla_cella col_field\">   <textarea name=\"email_outstanding_email\" class=\"bevitel ta_memo\"" . (" disabled" : "") . ">" . (!$email_outstanding_email : '') . "</textarea></td></tr>"
    • requires:
      • 1063: if($funkcio == "bolt_fel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $email_outstanding_text is not initialized and http://php.net/register_globals is enabled
  • 1132: print print "<tr><td class=\"tabla_cella col_label\"><b>" . __AUTO_KINTLEVOSEG_EMAIL_SZOVEGE . "</b></td><td class=\"tabla_cella col_field\">   <textarea name=\"email_outstanding_text\" class=\"bevitel ta_memo\"" . (" disabled" : "") . ">" . (!$email_outstanding_text : '') . "</textarea></td></tr>"
    • requires:
      • 1063: if($funkcio == "bolt_fel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $kapcsolat is not initialized and http://php.net/register_globals is enabled
  • 1163: print print " value=\"$kapcsolat\""
    • requires:
      • 1063: if($funkcio == "bolt_fel")
      • 1162: if(isset($kapcsolat))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $profil is not initialized and http://php.net/register_globals is enabled
  • 1170: print print " value=\"$profil\""
    • requires:
      • 1063: if($funkcio == "bolt_fel")
      • 1169: if(isset($profil))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $fizhat is not initialized and http://php.net/register_globals is enabled
  • 1182: print print " value=\"$fizhat\""
    • requires:
      • 1063: if($funkcio == "bolt_fel")
      • 1181: if(isset($fizhat))
Cross-Site Scripting

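User input reaches a sensitive sink. Triage note: this is a stored-data path, not a reflected one. The option labels are `biz_nev` values read from `io_biztosito` on line 1190 (where the scanner stopped tracing), and `$biztosito` is only the selected key. Whether the labels are HTML-escaped depends on `select()` in the form class, which is not part of this trace; check that helper once, since many findings in this report pass through it.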
  • 1190: $eredmeny = $pdo->select ("SELECT * FROM io_biztosito WHERE biz_del = 0 ORDER BY biz_nev") // , trace stopped
  • 1191: foreach($eredmeny as $sor)
  • 1192: $biztositok[$sor'biz_az'] = $sor['biz_nev']
  • 0: $biztosito is not initialized and http://php.net/register_globals is enabled
  • 1197: print print Animal::getform()->select ('biztosito'$biztositok$biztosito['class'=>'legordulo'])
    • requires:
      • 1063: if($funkcio == "bolt_fel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $biztositasi_limit is not initialized and http://php.net/register_globals is enabled
  • 1205: print print " value=\"$biztositasi_limit\""
    • requires:
      • 1063: if($funkcio == "bolt_fel")
      • 1204: if(isset($biztositasi_limit))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $vagohidi_szorzo is not initialized and http://php.net/register_globals is enabled
  • 1212: print print " value=\"$vagohidi_szorzo\""
    • requires:
      • 1063: if($funkcio == "bolt_fel")
      • 1211: if(isset($vagohidi_szorzo))
Cross-Site Scripting

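User input reaches a sensitive sink. Triage note: the SELECT on line 1312 is parameterized, so the issue here is output handling. `$sor['bol_nev']`, which according to line 599 is stored from `$nev`, is concatenated into HTML on line 1322 with no visible escaping, making this a stored XSS candidate. Encoding the column with htmlspecialchars() at the point of output addresses it regardless of how the row was written.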
  • 0: $vevo is not initialized and http://php.net/register_globals is enabled
  • 599: $aktualis = $pdo->insert ('io_bolt'['bol_vev_az'=>$vevo : 0'bol_azonosito'=>$azonosito : '''bol_nev'=>$nev : '''bol_nev_teljes'=>$nev_teljes : '''bol_szallitasi_cim'=>$szallitasi_cim : '''bol_szamlazasi_cim'=>$szamlazasi_cim : '''bol_telefon'=>$telefon : '''bol_fax' // if(isset($felvitel)), if($funkcio == "bolt_fel"), if(isset($nev) && $nev != '' && empty($arr_hiba)),
  • 1312: $sor = $pdo->selectfirst("SELECT *     FROM io_bolt     JOIN io_vevo ON vev_az = bol_vev_az     JOIN io_regio ON reg_az = vev_reg_az     JOIN io_lanc ON lan_az = reg_lan_az     WHERE bol_az = :bol_az "[':bol_az'=>$aktualis])
  • 1322: print print "<tr><td colspan=2 class=\"tabla_fejlec box_cim\">" . __VEVOK . " - " . $sor['bol_nev'] . "</td></tr>"
    • requires:
      • 1311: if($funkcio == "bolt_mod")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $vevo is not initialized and http://php.net/register_globals is enabled
  • 599: $aktualis = $pdo->insert ('io_bolt'['bol_vev_az'=>$vevo : 0'bol_azonosito'=>$azonosito : '''bol_nev'=>$nev : '''bol_nev_teljes'=>$nev_teljes : '''bol_szallitasi_cim'=>$szallitasi_cim : '''bol_szamlazasi_cim'=>$szamlazasi_cim : '''bol_telefon'=>$telefon : '''bol_fax' // if(isset($felvitel)), if($funkcio == "bolt_fel"), if(isset($nev) && $nev != '' && empty($arr_hiba)),
  • 1312: $sor = $pdo->selectfirst("SELECT *     FROM io_bolt     JOIN io_vevo ON vev_az = bol_vev_az     JOIN io_regio ON reg_az = vev_reg_az     JOIN io_lanc ON lan_az = reg_lan_az     WHERE bol_az = :bol_az "[':bol_az'=>$aktualis])
  • 1324: print print "<tr><td class=\"tabla_cella col_label\"><b>" . __NAME . "</b></td>  <td class=\"tabla_cella col_field\">   <input type=\"text\" name=\"nev\" class=\"bevitel\" size=\"40\" value=\"" . $sor['bol_nev'] . "\"" . (" disabled" : "") . "></td></tr>"
    • requires:
      • 1311: if($funkcio == "bolt_mod")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $vevo is not initialized and http://php.net/register_globals is enabled
  • 599: $aktualis = $pdo->insert ('io_bolt'['bol_vev_az'=>$vevo : 0'bol_azonosito'=>$azonosito : '''bol_nev'=>$nev : '''bol_nev_teljes'=>$nev_teljes : '''bol_szallitasi_cim'=>$szallitasi_cim : '''bol_szamlazasi_cim'=>$szamlazasi_cim : '''bol_telefon'=>$telefon : '''bol_fax' // if(isset($felvitel)), if($funkcio == "bolt_fel"), if(isset($nev) && $nev != '' && empty($arr_hiba)),
  • 1312: $sor = $pdo->selectfirst("SELECT *     FROM io_bolt     JOIN io_vevo ON vev_az = bol_vev_az     JOIN io_regio ON reg_az = vev_reg_az     JOIN io_lanc ON lan_az = reg_lan_az     WHERE bol_az = :bol_az "[':bol_az'=>$aktualis])
  • 1327: print print "<tr><td class=\"tabla_cella col_label\"><b>" . __FULLNAME . "</b></td><td class=\"tabla_cella col_field\">   <input type=\"text\" name=\"nev_teljes\" class=\"bevitel\" size=\"40\" value=\"" . $sor['bol_nev_teljes'] . "\"" . (" disabled" : "") . "></td></tr>"
    • requires:
      • 1311: if($funkcio == "bolt_mod")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $vevo is not initialized and http://php.net/register_globals is enabled
  • 599: $aktualis = $pdo->insert ('io_bolt'['bol_vev_az'=>$vevo : 0'bol_azonosito'=>$azonosito : '''bol_nev'=>$nev : '''bol_nev_teljes'=>$nev_teljes : '''bol_szallitasi_cim'=>$szallitasi_cim : '''bol_szamlazasi_cim'=>$szamlazasi_cim : '''bol_telefon'=>$telefon : '''bol_fax' // if(isset($felvitel)), if($funkcio == "bolt_fel"), if(isset($nev) && $nev != '' && empty($arr_hiba)),
  • 1312: $sor = $pdo->selectfirst("SELECT *     FROM io_bolt     JOIN io_vevo ON vev_az = bol_vev_az     JOIN io_regio ON reg_az = vev_reg_az     JOIN io_lanc ON lan_az = reg_lan_az     WHERE bol_az = :bol_az "[':bol_az'=>$aktualis])
  • 1330: print print "<tr><td class=\"tabla_cella col_label\"><b>" . __VEVOK_SZALLITASICIM . "</b></td><td class=\"tabla_cella col_field\">   <input type=\"text\" name=\"szallitasi_cim\" class=\"bevitel\" size=\"80\" value=\"" . $sor['bol_szallitasi_cim'] . "\"" . (" disabled" : "") . "></td></tr>"
    • requires:
      • 1311: if($funkcio == "bolt_mod")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $vevo is not initialized and http://php.net/register_globals is enabled
  • 599: $aktualis = $pdo->insert ('io_bolt'['bol_vev_az'=>$vevo : 0'bol_azonosito'=>$azonosito : '''bol_nev'=>$nev : '''bol_nev_teljes'=>$nev_teljes : '''bol_szallitasi_cim'=>$szallitasi_cim : '''bol_szamlazasi_cim'=>$szamlazasi_cim : '''bol_telefon'=>$telefon : '''bol_fax' // if(isset($felvitel)), if($funkcio == "bolt_fel"), if(isset($nev) && $nev != '' && empty($arr_hiba)),
  • 1312: $sor = $pdo->selectfirst("SELECT *     FROM io_bolt     JOIN io_vevo ON vev_az = bol_vev_az     JOIN io_regio ON reg_az = vev_reg_az     JOIN io_lanc ON lan_az = reg_lan_az     WHERE bol_az = :bol_az "[':bol_az'=>$aktualis])
  • 1332: print print "<tr><td class=\"tabla_cella col_label\"><b>" . __SZAMLAZASI_CIM . "</b></td><td class=\"tabla_cella col_field\">   <input type=\"text\" name=\"szamlazasi_cim\" class=\"bevitel\" size=\"80\" value=\"" . $sor['bol_szamlazasi_cim'] . "\"" . (" disabled" : "") . "></td></tr>"
    • requires:
      • 1311: if($funkcio == "bolt_mod")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $vevo is not initialized and http://php.net/register_globals is enabled
  • 599: $aktualis = $pdo->insert ('io_bolt'['bol_vev_az'=>$vevo : 0'bol_azonosito'=>$azonosito : '''bol_nev'=>$nev : '''bol_nev_teljes'=>$nev_teljes : '''bol_szallitasi_cim'=>$szallitasi_cim : '''bol_szamlazasi_cim'=>$szamlazasi_cim : '''bol_telefon'=>$telefon : '''bol_fax' // if(isset($felvitel)), if($funkcio == "bolt_fel"), if(isset($nev) && $nev != '' && empty($arr_hiba)),
  • 1312: $sor = $pdo->selectfirst("SELECT *     FROM io_bolt     JOIN io_vevo ON vev_az = bol_vev_az     JOIN io_regio ON reg_az = vev_reg_az     JOIN io_lanc ON lan_az = reg_lan_az     WHERE bol_az = :bol_az "[':bol_az'=>$aktualis])
  • 19: $jog = jogszint (Animal::currenuserid()"admin""vevo") // if(isset($_SERVER) && $_SERVER === 'XMLHttpRequest'),
  • 1335: print print $form->phonenumber('telefon' : $sor['bol_telefon']NULL['wrapper'=>'tr''disabled'=>$jog == 1'validator'=>['name'=>'validatePhoneNumber''params'=>['...telefon']]])
    • requires:
      • 1311: if($funkcio == "bolt_mod")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $vevo is not initialized and http://php.net/register_globals is enabled
  • 599: $aktualis = $pdo->insert ('io_bolt'['bol_vev_az'=>$vevo : 0'bol_azonosito'=>$azonosito : '''bol_nev'=>$nev : '''bol_nev_teljes'=>$nev_teljes : '''bol_szallitasi_cim'=>$szallitasi_cim : '''bol_szamlazasi_cim'=>$szamlazasi_cim : '''bol_telefon'=>$telefon : '''bol_fax' // if(isset($felvitel)), if($funkcio == "bolt_fel"), if(isset($nev) && $nev != '' && empty($arr_hiba)),
  • 1312: $sor = $pdo->selectfirst("SELECT *     FROM io_bolt     JOIN io_vevo ON vev_az = bol_vev_az     JOIN io_regio ON reg_az = vev_reg_az     JOIN io_lanc ON lan_az = reg_lan_az     WHERE bol_az = :bol_az "[':bol_az'=>$aktualis])
  • 19: $jog = jogszint (Animal::currenuserid()"admin""vevo") // if(isset($_SERVER) && $_SERVER === 'XMLHttpRequest'),
  • 1344: print print $form->faxnumber('fax' : $sor['bol_fax']NULL['wrapper'=>'tr''disabled'=>$jog == 1'validator'=>['name'=>'validateFaxNumber''params'=>['...fax']]])
    • requires:
      • 1311: if($funkcio == "bolt_mod")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $vevo is not initialized and http://php.net/register_globals is enabled
  • 599: $aktualis = $pdo->insert ('io_bolt'['bol_vev_az'=>$vevo : 0'bol_azonosito'=>$azonosito : '''bol_nev'=>$nev : '''bol_nev_teljes'=>$nev_teljes : '''bol_szallitasi_cim'=>$szallitasi_cim : '''bol_szamlazasi_cim'=>$szamlazasi_cim : '''bol_telefon'=>$telefon : '''bol_fax' // if(isset($felvitel)), if($funkcio == "bolt_fel"), if(isset($nev) && $nev != '' && empty($arr_hiba)),
  • 1312: $sor = $pdo->selectfirst("SELECT *     FROM io_bolt     JOIN io_vevo ON vev_az = bol_vev_az     JOIN io_regio ON reg_az = vev_reg_az     JOIN io_lanc ON lan_az = reg_lan_az     WHERE bol_az = :bol_az "[':bol_az'=>$aktualis])
  • 1353: print print "<tr><td class=\"tabla_cella col_label\"><b>" . __EMAIL . "</b></td><td class=\"tabla_cella col_field\">   <textarea name=\"email\" class=\"bevitel ta_memo\"" . (" disabled" : "") . ">" . $sor['bol_email'] . "</textarea></td></tr>"
    • requires:
      • 1311: if($funkcio == "bolt_mod")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $vevo is not initialized and http://php.net/register_globals is enabled
  • 599: $aktualis = $pdo->insert ('io_bolt'['bol_vev_az'=>$vevo : 0'bol_azonosito'=>$azonosito : '''bol_nev'=>$nev : '''bol_nev_teljes'=>$nev_teljes : '''bol_szallitasi_cim'=>$szallitasi_cim : '''bol_szamlazasi_cim'=>$szamlazasi_cim : '''bol_telefon'=>$telefon : '''bol_fax' // if(isset($felvitel)), if($funkcio == "bolt_fel"), if(isset($nev) && $nev != '' && empty($arr_hiba)),
  • 1312: $sor = $pdo->selectfirst("SELECT *     FROM io_bolt     JOIN io_vevo ON vev_az = bol_vev_az     JOIN io_regio ON reg_az = vev_reg_az     JOIN io_lanc ON lan_az = reg_lan_az     WHERE bol_az = :bol_az "[':bol_az'=>$aktualis])
  • 1356: print print "<tr><td class=\"tabla_cella col_label\"><b>" . __KINTLEVOSEG . " : " . __EMAIL . "</b></td><td class=\"tabla_cella col_field\">   <textarea name=\"email_outstanding_email\" class=\"bevitel ta_memo\"" . (" disabled" : "") . ">" . $sor['bol_email_outstanding_email'] . "</textarea></td></tr>"
    • requires:
      • 1311: if($funkcio == "bolt_mod")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $vevo is not initialized and http://php.net/register_globals is enabled
  • 599: $aktualis = $pdo->insert ('io_bolt'['bol_vev_az'=>$vevo : 0'bol_azonosito'=>$azonosito : '''bol_nev'=>$nev : '''bol_nev_teljes'=>$nev_teljes : '''bol_szallitasi_cim'=>$szallitasi_cim : '''bol_szamlazasi_cim'=>$szamlazasi_cim : '''bol_telefon'=>$telefon : '''bol_fax' // if(isset($felvitel)), if($funkcio == "bolt_fel"), if(isset($nev) && $nev != '' && empty($arr_hiba)),
  • 1312: $sor = $pdo->selectfirst("SELECT *     FROM io_bolt     JOIN io_vevo ON vev_az = bol_vev_az     JOIN io_regio ON reg_az = vev_reg_az     JOIN io_lanc ON lan_az = reg_lan_az     WHERE bol_az = :bol_az "[':bol_az'=>$aktualis])
  • 1372: print print "<tr><td class=\"tabla_cella col_label\"><b>" . __AUTO_KINTLEVOSEG_EMAIL_SZOVEGE . "</b></td><td class=\"tabla_cella col_field\">   <textarea name=\"email_outstanding_text\" class=\"bevitel ta_memo\"" . (" disabled" : "") . ">" . $sor['bol_email_outstanding_text'] . "</textarea></td></tr>"
    • requires:
      • 1311: if($funkcio == "bolt_mod")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $vevo is not initialized and http://php.net/register_globals is enabled
  • 599: $aktualis = $pdo->insert ('io_bolt'['bol_vev_az'=>$vevo : 0'bol_azonosito'=>$azonosito : '''bol_nev'=>$nev : '''bol_nev_teljes'=>$nev_teljes : '''bol_szallitasi_cim'=>$szallitasi_cim : '''bol_szamlazasi_cim'=>$szamlazasi_cim : '''bol_telefon'=>$telefon : '''bol_fax' // if(isset($felvitel)), if($funkcio == "bolt_fel"), if(isset($nev) && $nev != '' && empty($arr_hiba)),
  • 1312: $sor = $pdo->selectfirst("SELECT *     FROM io_bolt     JOIN io_vevo ON vev_az = bol_vev_az     JOIN io_regio ON reg_az = vev_reg_az     JOIN io_lanc ON lan_az = reg_lan_az     WHERE bol_az = :bol_az "[':bol_az'=>$aktualis])
  • 1400: print print "<tr><td class=\"tabla_cella col_label\"><b>" . __VEVOK_KAPCSOLATTNEVE . "</b></td><td class=\"tabla_cella col_field\">   <input type=\"text\" name=\"kapcsolat\" class=\"bevitel\" size=\"80\" value=\"" . $sor['bol_kapcsolat'] . "\"" . (" disabled" : "") . "></td></tr>"
    • requires:
      • 1311: if($funkcio == "bolt_mod")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $vevo is not initialized and http://php.net/register_globals is enabled
  • 599: $aktualis = $pdo->insert ('io_bolt'['bol_vev_az'=>$vevo : 0'bol_azonosito'=>$azonosito : '''bol_nev'=>$nev : '''bol_nev_teljes'=>$nev_teljes : '''bol_szallitasi_cim'=>$szallitasi_cim : '''bol_szamlazasi_cim'=>$szamlazasi_cim : '''bol_telefon'=>$telefon : '''bol_fax' // if(isset($felvitel)), if($funkcio == "bolt_fel"), if(isset($nev) && $nev != '' && empty($arr_hiba)),
  • 1312: $sor = $pdo->selectfirst("SELECT *     FROM io_bolt     JOIN io_vevo ON vev_az = bol_vev_az     JOIN io_regio ON reg_az = vev_reg_az     JOIN io_lanc ON lan_az = reg_lan_az     WHERE bol_az = :bol_az "[':bol_az'=>$aktualis])
  • 1403: print print '<tr><td class="tabla_cella col_label"><b>' . __KONYVELESI_KOD . '</b></td><td class="tabla_cella col_field">   <input type="text" name="kulso_kod" class="bevitel" value="' . $sor['bol_kulso_kod'] . '"' . (' disabled' : (' required'
    • requires:
      • 1311: if($funkcio == "bolt_mod")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $vevo is not initialized and http://php.net/register_globals is enabled
  • 599: $aktualis = $pdo->insert ('io_bolt'['bol_vev_az'=>$vevo : 0'bol_azonosito'=>$azonosito : '''bol_nev'=>$nev : '''bol_nev_teljes'=>$nev_teljes : '''bol_szallitasi_cim'=>$szallitasi_cim : '''bol_szamlazasi_cim'=>$szamlazasi_cim : '''bol_telefon'=>$telefon : '''bol_fax' // if(isset($felvitel)), if($funkcio == "bolt_fel"), if(isset($nev) && $nev != '' && empty($arr_hiba)),
  • 1312: $sor = $pdo->selectfirst("SELECT *     FROM io_bolt     JOIN io_vevo ON vev_az = bol_vev_az     JOIN io_regio ON reg_az = vev_reg_az     JOIN io_lanc ON lan_az = reg_lan_az     WHERE bol_az = :bol_az "[':bol_az'=>$aktualis])
  • 1406: print print "<tr><td class=\"tabla_cella col_label\"><b>GLN</b></td><td class=\"tabla_cella col_field\">   <input type=\"text\" name=\"gln\" class=\"bevitel\" value=\"" . $sor['bol_gln'] . "\"" . (" disabled" : "") . ">"
    • requires:
      • 1311: if($funkcio == "bolt_mod")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $vevo is not initialized and http://php.net/register_globals is enabled
  • 599: $aktualis = $pdo->insert ('io_bolt'['bol_vev_az'=>$vevo : 0'bol_azonosito'=>$azonosito : '''bol_nev'=>$nev : '''bol_nev_teljes'=>$nev_teljes : '''bol_szallitasi_cim'=>$szallitasi_cim : '''bol_szamlazasi_cim'=>$szamlazasi_cim : '''bol_telefon'=>$telefon : '''bol_fax' // if(isset($felvitel)), if($funkcio == "bolt_fel"), if(isset($nev) && $nev != '' && empty($arr_hiba)),
  • 1312: $sor = $pdo->selectfirst("SELECT *     FROM io_bolt     JOIN io_vevo ON vev_az = bol_vev_az     JOIN io_regio ON reg_az = vev_reg_az     JOIN io_lanc ON lan_az = reg_lan_az     WHERE bol_az = :bol_az "[':bol_az'=>$aktualis])
  • 1410: print print "<tr><td class=\"tabla_cella col_label\"><b>DLN</b></td><td class=\"tabla_cella col_field\">   <input type=\"text\" name=\"dln\" class=\"bevitel\" value=\"" . $sor['bol_dln'] . "\"" . (" disabled" : "") . ">"
    • requires:
      • 1311: if($funkcio == "bolt_mod")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $vevo is not initialized and http://php.net/register_globals is enabled
  • 599: $aktualis = $pdo->insert ('io_bolt'['bol_vev_az'=>$vevo : 0'bol_azonosito'=>$azonosito : '''bol_nev'=>$nev : '''bol_nev_teljes'=>$nev_teljes : '''bol_szallitasi_cim'=>$szallitasi_cim : '''bol_szamlazasi_cim'=>$szamlazasi_cim : '''bol_telefon'=>$telefon : '''bol_fax' // if(isset($felvitel)), if($funkcio == "bolt_fel"), if(isset($nev) && $nev != '' && empty($arr_hiba)),
  • 1312: $sor = $pdo->selectfirst("SELECT *     FROM io_bolt     JOIN io_vevo ON vev_az = bol_vev_az     JOIN io_regio ON reg_az = vev_reg_az     JOIN io_lanc ON lan_az = reg_lan_az     WHERE bol_az = :bol_az "[':bol_az'=>$aktualis])
  • 1414: print print "<tr><td class=\"tabla_cella col_label\"><b>" . __VEVOK_FIZETESIHIDO . " (" . __NAP . ")</b></td><td class=\"tabla_cella col_field\">   <input type=\"text\" name=\"fizhat\" class=\"bevitel\" value=\"" . $sor['bol_fizhat'] . "\"" . (" disabled" : "") . " size=\"8\"></td></tr>"
    • requires:
      • 1311: if($funkcio == "bolt_mod")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 1418: $eredmeny = $pdo->select ("SELECT * FROM io_biztosito WHERE biz_del = 0 ORDER BY biz_nev") // , trace stopped
  • 1419: foreach($eredmeny as $_sor)
  • 1420: $biztositok[$_sor'biz_az'] = $_sor['biz_nev']
  • 0: $vevo is not initialized and http://php.net/register_globals is enabled
  • 599: $aktualis = $pdo->insert ('io_bolt'['bol_vev_az'=>$vevo : 0'bol_azonosito'=>$azonosito : '''bol_nev'=>$nev : '''bol_nev_teljes'=>$nev_teljes : '''bol_szallitasi_cim'=>$szallitasi_cim : '''bol_szamlazasi_cim'=>$szamlazasi_cim : '''bol_telefon'=>$telefon : '''bol_fax' // if(isset($felvitel)), if($funkcio == "bolt_fel"), if(isset($nev) && $nev != '' && empty($arr_hiba)),
  • 1312: $sor = $pdo->selectfirst("SELECT *     FROM io_bolt     JOIN io_vevo ON vev_az = bol_vev_az     JOIN io_regio ON reg_az = vev_reg_az     JOIN io_lanc ON lan_az = reg_lan_az     WHERE bol_az = :bol_az "[':bol_az'=>$aktualis])
  • 1425: print print $form->select ('biztosito'$biztositok$sor['bol_biztosito']['class'=>'legordulo'])
    • requires:
      • 1311: if($funkcio == "bolt_mod")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $vevo is not initialized and http://php.net/register_globals is enabled
  • 599: $aktualis = $pdo->insert ('io_bolt'['bol_vev_az'=>$vevo : 0'bol_azonosito'=>$azonosito : '''bol_nev'=>$nev : '''bol_nev_teljes'=>$nev_teljes : '''bol_szallitasi_cim'=>$szallitasi_cim : '''bol_szamlazasi_cim'=>$szamlazasi_cim : '''bol_telefon'=>$telefon : '''bol_fax' // if(isset($felvitel)), if($funkcio == "bolt_fel"), if(isset($nev) && $nev != '' && empty($arr_hiba)),
  • 1312: $sor = $pdo->selectfirst("SELECT *     FROM io_bolt     JOIN io_vevo ON vev_az = bol_vev_az     JOIN io_regio ON reg_az = vev_reg_az     JOIN io_lanc ON lan_az = reg_lan_az     WHERE bol_az = :bol_az "[':bol_az'=>$aktualis])
  • 1431: print print "<tr><td class=\"tabla_cella col_label\"><b>" . __BIZTOSITASI_LIMIT . "</b></td><td class=\"tabla_cella col_field\">   <input type=\"text\" name=\"biztositasi_limit\" class=\"bevitel\" value=\"" . $sor['bol_biztositasi_limit'] . "\""
    • requires:
      • 1311: if($funkcio == "bolt_mod")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $vevo is not initialized and http://php.net/register_globals is enabled
  • 599: $aktualis = $pdo->insert ('io_bolt'['bol_vev_az'=>$vevo : 0'bol_azonosito'=>$azonosito : '''bol_nev'=>$nev : '''bol_nev_teljes'=>$nev_teljes : '''bol_szallitasi_cim'=>$szallitasi_cim : '''bol_szamlazasi_cim'=>$szamlazasi_cim : '''bol_telefon'=>$telefon : '''bol_fax' // if(isset($felvitel)), if($funkcio == "bolt_fel"), if(isset($nev) && $nev != '' && empty($arr_hiba)),
  • 1312: $sor = $pdo->selectfirst("SELECT *     FROM io_bolt     JOIN io_vevo ON vev_az = bol_vev_az     JOIN io_regio ON reg_az = vev_reg_az     JOIN io_lanc ON lan_az = reg_lan_az     WHERE bol_az = :bol_az "[':bol_az'=>$aktualis])
  • 1438: print print "<tr><td class=\"tabla_cella col_label\"><b>" . __VAGOHIDI_SZORZO . "</b></td><td class=\"tabla_cella col_field_0\">   <input type=\"text\" name=\"vagohidi_szorzo\" class=\"bevitel\" value=\"" . $sor['bol_vagohidi_szorzo'] . "\"" . (" disabled" : "") . " size=\"8\">"
    • requires:
      • 1311: if($funkcio == "bolt_mod")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 8: $currency_handler = Animal::getcurrency ()
  • 13: $opt_bazisar_decimals = $currency_handler::getbazisaroptionsdecimals()
  • 0: $vevo is not initialized and http://php.net/register_globals is enabled
  • 599: $aktualis = $pdo->insert ('io_bolt'['bol_vev_az'=>$vevo : 0'bol_azonosito'=>$azonosito : '''bol_nev'=>$nev : '''bol_nev_teljes'=>$nev_teljes : '''bol_szallitasi_cim'=>$szallitasi_cim : '''bol_szamlazasi_cim'=>$szamlazasi_cim : '''bol_telefon'=>$telefon : '''bol_fax' // if(isset($felvitel)), if($funkcio == "bolt_fel"), if(isset($nev) && $nev != '' && empty($arr_hiba)),
  • 1312: $sor = $pdo->selectfirst("SELECT *     FROM io_bolt     JOIN io_vevo ON vev_az = bol_vev_az     JOIN io_regio ON reg_az = vev_reg_az     JOIN io_lanc ON lan_az = reg_lan_az     WHERE bol_az = :bol_az "[':bol_az'=>$aktualis])
  • 1446: echo echo __TIZEDESJEGYEK . ' (' . __HASITOTTAR . '):&nbsp;' . $form->select ('bazis_ar_decimals'$opt_bazisar_decimals$sor['bol_bazis_ar_decimals']['id'=>'bazis_ar_decimal''class'=>'legordulo'])
    • requires:
      • 1311: if($funkcio == "bolt_mod")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 8: $currency_handler = Animal::getcurrency ()
  • 12: $opt_arfolyam_nap = $currency_handler::getbazisaroptionsarfolyammod()
  • 0: $vevo is not initialized and http://php.net/register_globals is enabled
  • 599: $aktualis = $pdo->insert ('io_bolt'['bol_vev_az'=>$vevo : 0'bol_azonosito'=>$azonosito : '''bol_nev'=>$nev : '''bol_nev_teljes'=>$nev_teljes : '''bol_szallitasi_cim'=>$szallitasi_cim : '''bol_szamlazasi_cim'=>$szamlazasi_cim : '''bol_telefon'=>$telefon : '''bol_fax' // if(isset($felvitel)), if($funkcio == "bolt_fel"), if(isset($nev) && $nev != '' && empty($arr_hiba)),
  • 1312: $sor = $pdo->selectfirst("SELECT *     FROM io_bolt     JOIN io_vevo ON vev_az = bol_vev_az     JOIN io_regio ON reg_az = vev_reg_az     JOIN io_lanc ON lan_az = reg_lan_az     WHERE bol_az = :bol_az "[':bol_az'=>$aktualis])
  • 1451: echo echo __BAZISAR_AUTO . ':&nbsp;' . $form->select ('bazis_ar_arfolyam_mod'$opt_arfolyam_nap$sor['bol_bazis_ar_arfolyam_mod']['id'=>'bazis_ar_arfolyam_mod''class'=>'legordulo'])
    • requires:
      • 1311: if($funkcio == "bolt_mod")
Cross-Site Scripting

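User input reaches a sensitive sink. The trace assigns `$aktualis` from the return value of `$pdo->insert` at line 599, which runs under `$funkcio == "bolt_fel"`, whereas this sink requires `$funkcio == "bolt_mod"`. The value printed here therefore probably does not come from that insert; check where `$aktualis` is set on the bolt_mod path before rating this finding.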
  • 0: $vevo is not initialized and http://php.net/register_globals is enabled
  • 599: $aktualis = $pdo->insert ('io_bolt'['bol_vev_az'=>$vevo : 0'bol_azonosito'=>$azonosito : '''bol_nev'=>$nev : '''bol_nev_teljes'=>$nev_teljes : '''bol_szallitasi_cim'=>$szallitasi_cim : '''bol_szamlazasi_cim'=>$szamlazasi_cim : '''bol_telefon'=>$telefon : '''bol_fax' // if(isset($felvitel)), if($funkcio == "bolt_fel"), if(isset($nev) && $nev != '' && empty($arr_hiba)),
  • 1581: print print "<input type=\"hidden\" name=\"aktualis\" value=\"$aktualis\">"
    • requires:
      • 1311: if($funkcio == "bolt_mod")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $vevo is not initialized and http://php.net/register_globals is enabled
  • 599: $aktualis = $pdo->insert ('io_bolt'['bol_vev_az'=>$vevo : 0'bol_azonosito'=>$azonosito : '''bol_nev'=>$nev : '''bol_nev_teljes'=>$nev_teljes : '''bol_szallitasi_cim'=>$szallitasi_cim : '''bol_szamlazasi_cim'=>$szamlazasi_cim : '''bol_telefon'=>$telefon : '''bol_fax' // if(isset($felvitel)), if($funkcio == "bolt_fel"), if(isset($nev) && $nev != '' && empty($arr_hiba)),
  • 1663: echo echo $aktualis

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/torzs.php

Cross-Site Scripting

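User input reaches a sensitive sink. As with the other "is not initialized" findings, this one is conditional on `register_globals` being enabled (the directive was removed in PHP 5.4) or on the application importing request variables into the global scope itself; confirm which applies on the deployed PHP version before triaging.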
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 167: echo echo $prg
    • requires:
      • 147: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $alp is not initialized and http://php.net/register_globals is enabled
  • 167: echo echo $alp
    • requires:
      • 147: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 170: echo echo $prg
    • requires:
      • 147: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $alp is not initialized and http://php.net/register_globals is enabled
  • 170: echo echo $alp
    • requires:
      • 147: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 173: echo echo $prg
    • requires:
      • 147: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $alp is not initialized and http://php.net/register_globals is enabled
  • 173: echo echo $alp
    • requires:
      • 147: if($funkcio == "")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 270: echo echo $prg
    • requires:
      • 227: if($funkcio == "modosit" && !empty($aktualis))
      • 266: if($jog == 2)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $alp is not initialized and http://php.net/register_globals is enabled
  • 270: echo echo $alp
    • requires:
      • 227: if($funkcio == "modosit" && !empty($aktualis))
      • 266: if($jog == 2)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 276: echo echo $prg
    • requires:
      • 227: if($funkcio == "modosit" && !empty($aktualis))
      • 273: if($jog == 2) else 
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $alp is not initialized and http://php.net/register_globals is enabled
  • 276: echo echo $alp
    • requires:
      • 227: if($funkcio == "modosit" && !empty($aktualis))
      • 273: if($jog == 2) else 
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 333: echo echo $prg
    • requires:
      • 291: if($funkcio == "felvitel")
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $alp is not initialized and http://php.net/register_globals is enabled
  • 333: echo echo $alp
    • requires:
      • 291: if($funkcio == "felvitel")

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/telepi_ktsgnem.php

Cross-Site Scripting

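User input reaches a sensitive sink. `$prg` and `$alp` are placed inside a JavaScript string literal within an `onClick` attribute, as part of a URL query string. HTML-entity encoding alone does not make that context safe, because the browser decodes entities in the attribute before the script is parsed. The values need URL encoding (for example `rawurlencode()`) before they are put into the link, and the whole attribute then needs HTML attribute encoding.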
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 222: print print "<tr><td colspan=4 align=\"right\" class=\"tabla_cella\">   <button type=\"submit\" class=\"btn_save_2_img\" name=\"mentes\" title=\"" . __MENTES . "\"></button>&nbsp;&nbsp;" . "<button type=\"button\" class=\"btn_back_2_img\" title=\"" . __MEGSE . "\"   onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></button></td></tr>"
    • requires:
      • 187: if($funkcio == "modosit" && !empty($aktualis))
      • 221: if($jog == 2)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 228: print print "<tr><td colspan=4 align=\"right\" class=\"tabla_cella\">   <button type=\"button\" class=\"btn_back_2_img\" title=\"" . __VISSZA . "\"   onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></button></td></tr>"
    • requires:
      • 187: if($funkcio == "modosit" && !empty($aktualis))
      • 227: if($jog == 2) else 
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $tsn_nev is not initialized and http://php.net/register_globals is enabled
  • 93: $values = ['tsn_nev'=>$tsn_nev : '''tsn_megjegyzes'=>$tsn_megjegyzes : '''tsn_konyveles_kod'=>$tsn_konyveles_kod : ''] // if(isset($mentes)), if(!empty($aktualis)) else , if(empty($arr_hiba)),
  • 98: $_inserted_id = $pdo->insert ('io_telepi_ktsgnem'$values) // if(isset($mentes)), if(!empty($aktualis)) else , if(empty($arr_hiba)),
  • 105: $aktualis = $_inserted_id // if(isset($mentes)), if(!empty($aktualis)) else , if(empty($arr_hiba)), if(!empty($_inserted_id)),
  • 237: print print "<input type=\"hidden\" name=\"aktualis\" value=\"$aktualis\">"
    • requires:
      • 187: if($funkcio == "modosit" && !empty($aktualis))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $tsn_nev is not initialized and http://php.net/register_globals is enabled
  • 250: print print " value=\"$tsn_nev\""
    • requires:
      • 242: if($funkcio == "felvitel")
      • 249: if(isset($tsn_nev))
Cross-Site Scripting

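User input reaches a sensitive sink. The sink at line 257 pre-fills the `tsn_konyveles_kod` field from `$tsn_nev`, which looks like a copy-paste slip in the scanned source rather than an intended value; confirm this when fixing the missing output encoding.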
  • 0: $tsn_nev is not initialized and http://php.net/register_globals is enabled
  • 257: print print "<td class=\"tabla_cella col_field\"><input type=\"text\" name=\"tsn_konyveles_kod\" value=\"" . $tsn_nev . "\" class=\"bevitel\" size=16></td></tr>"
    • requires:
      • 242: if($funkcio == "felvitel")
      • 255: if(get_sys_var ('konyveles_alapja'""TRUE) == '__TELEP')
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $tsn_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 263: print print $tsn_megjegyzes
    • requires:
      • 242: if($funkcio == "felvitel")
      • 262: if(isset($tsn_megjegyzes))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 270: print print "<tr><td colspan=4 align=\"right\" class=\"tabla_cella\">   <button type=\"submit\" class=\"btn_save_2_img\" name=\"mentes\" title=\"" . __MENTES . "\"></button>&nbsp;&nbsp;" . "<button type=\"button\" class=\"btn_back_2_img\" title=\"" . __MEGSE . "\"   onClick=\"location.href='index.php?prg=" . $prg . "&alp=" . $alp . "'\"></button></td></tr>"
    • requires:
      • 242: if($funkcio == "felvitel")

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/log.php

SQL Injection

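User input reaches a sensitive sink. `$kazon` is interpolated unquoted into the join condition (`$kazon = 1`), and `$tabla`, `$tevekenyseg` and `$feltetel` are interpolated into quoted literals of the same statement. Lines 18–26 assign defaults only when those variables are unset, so a request-supplied value would pass through unchanged. The fix is to pass these values as bound parameters, as the `:bol_az` query shown elsewhere in this report does, rather than building them into the SQL string.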
  • 0: $kazon is not initialized and http://php.net/register_globals is enabled
  • 18: $tabla = "" // if(!isset($tabla)),
  • 22: $tevekenyseg = "" // if(!isset($tevekenyseg)),
  • 26: $feltetel = "" // if(!isset($feltetel)),
  • 30: $datum_min = date("Y-m-d"strtotime('- 1 month'time())) // if(!isset($datum_min)),
  • 34: $ido_min = "00:00" // if(!isset($ido_min)),
  • 38: $datum_max = date("Y-m-d"strtotime('+ 1 day'time())) // if(!isset($datum_max)),
  • 42: $ido_max = "23:59" // if(!isset($ido_max)),
  • 45: select $eredmeny = $pdo->select ("SELECT log_az     FROM io_log     LEFT JOIN io_felhasznalo ON fel_az = log_fel_az       AND (fel_az <> 1 OR $kazon = 1)     WHERE LOCATE('$tabla', log_tabla) > 0       AND LOCATE('$tevekenyseg', log_tevekenyseg) > 0 AND LOCATE('$feltetel', log_feltetel) > 0       AND log_idopont >= '" . (unix_datumbol ($datum_min) + substr($ido_min02) * 3600 + substr($ido_min32) * 60) . "'      AND log_idopont <= '" . (unix_datumbol (
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $alp is not initialized and http://php.net/register_globals is enabled
  • 102: print print "<button type=\"button\" value=\"" . __SZURESTORLESE . "\" title=\"" . __SZURESTORLESE . "\" class=\"btn_reset_2_img\" onClick=\"location.href='index.php?prg=admin&alp=" . $alp . "'\"></button>"

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/majkategoria.php

SQL Injection

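User input reaches a sensitive sink. $mka_nev is placed between single quotes in the WHERE clause at line 80 with no escaping visible in this trace; passing it as a bound parameter removes the injection point. Whether the project's $pdo->select wrapper accepts parameters is not shown here.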
  • 0: $mka_nev is not initialized and http://php.net/register_globals is enabled
  • 80: select $eredmeny = $pdo->select ("SELECT *        FROM io_majkategoria        WHERE mka_nev = '$mka_nev'          AND mka_del = 0        LIMIT 1")
    • requires:
      • 35: if(isset($mentes))
      • 78: if(!empty($aktualis)) else 
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 213: print print "<button type=\"button\" class=\"btn_back_2_img\" title=\"" . __MEGSE . "\"onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></button>"
    • requires:
      • 179: if($funkcio == "modosit" && !empty($aktualis))
      • 209: if($jog == 2)
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 218: print print "<button type=\"button\" class=\"btn_back_2_img\" title=\"" . __VISSZA . "\" onClick=\"location.href='index.php?prg=$prg&alp=$alp'\"></button>"
    • requires:
      • 179: if($funkcio == "modosit" && !empty($aktualis))
      • 216: if($jog == 2) else 
Cross-Site Scripting

User input reaches a sensitive sink. The value is written into a double-quoted HTML attribute at line 244, so it should pass through htmlspecialchars() with ENT_QUOTES before output.
  • 0: $mka_nev is not initialized and http://php.net/register_globals is enabled
  • 244: print print " value=\"$mka_nev\""
    • requires:
      • 236: if($funkcio == "felvitel")
      • 243: if(isset($mka_nev))
Cross-Site Scripting

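User input reaches a sensitive sink. $mka_megjegyzes is printed as-is at line 255; the surrounding markup is not visible in this trace, so encode it for the enclosing HTML context (htmlspecialchars() for element content) before output.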
  • 0: $mka_megjegyzes is not initialized and http://php.net/register_globals is enabled
  • 255: print print $mka_megjegyzes
    • requires:
      • 236: if($funkcio == "felvitel")
      • 254: if(isset($mka_megjegyzes))
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 265: print print "<button type=\"button\" class=\"btn_back_2_img\" value=\"" . __MEGSE . "\" onClick=\"location.href='index.php?prg=" . $prg . "&alp=" . $alp . "'\"></button>"
    • requires:
      • 236: if($funkcio == "felvitel")

File: /var/www/drupalvm/dev.animalsoft.test/noweb/system/modules/admin/teljesitesi_terv.php

Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 86: echo echo $prg
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $alp is not initialized and http://php.net/register_globals is enabled
  • 86: echo echo $alp
Cross-Site Scripting

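User input reaches a sensitive sink. Triage note: the for statement at line 96 appears to assign $i before line 97 echoes it, and the echoed expression is an arithmetic sum, so this trace looks like a false positive; confirm against the source. The same trace is reported again further down for line 97.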
  • 9: $startYear = date("Y") - 5
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 96: for($i = *$i < 10$i++)
  • 97: echo echo $startYear + $i
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 12: $selYear = date("Y") // if(!isset($selYear)),
  • 9: $startYear = date("Y") - 5
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 96: for($i = *$i < 10$i++)
  • 97: echo echo isset($selYear) && $selYear == $startYear + "selected=\"selected\"" : $startYear + $i == date("Y") && !"selected=\"selected\"" : ""
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 9: $startYear = date("Y") - 5
  • 0: $i is not initialized and http://php.net/register_globals is enabled
  • 96: for($i = *$i < 10$i++)
  • 97: echo echo $startYear + $i
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $prg is not initialized and http://php.net/register_globals is enabled
  • 116: print print $prg
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $alp is not initialized and http://php.net/register_globals is enabled
  • 116: print print $alp
Cross-Site Scripting

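User input reaches a sensitive sink. Triage note: $weeks is the return value of idate(), which is an integer (or false on failure), so the value printed at line 147 cannot carry markup even when $year is request-supplied; this looks like a false positive, as does the line 184 trace below. Validating $year as an integer is still worthwhile.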
  • 0: $year is not initialized and http://php.net/register_globals is enabled
  • 84: $weeks = idate('W'mktime(0001227$year))
  • 147: print print $weeks
Cross-Site Scripting

Userinput reaches sensitive sink. For more information, press the help icon on the left side.
  • 0: $year is not initialized and http://php.net/register_globals is enabled
  • 84: $weeks = idate('W'mktime(0001227$year))
  • 184: echo echo $weeks